Cross-Site Scripting Vulnerabilities in Symantec Log Viewer and Norton Security Products
CVE-2009-1428

Currently unrated

Key Information:

Vendor: Symantec
Status: Norton Internet Security; Antivirus; Endpoint Protection; Norton 360
Vendor: CVE Published:; 29 April 2009

Summary

Multiple cross-site scripting vulnerabilities exist in the ccLgView.exe component of the Symantec Log Viewer. These flaws allow remote attackers to inject arbitrary web script or HTML into email messages, exploiting parsing errors present in the application. This could potentially lead to unauthorized access or manipulation of user data, posing a significant security risk to users of affected Symantec and Norton products.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/50170

vdb-entryx_refsource_XF

http://www.vupen.com/english/advisories/2009/1203

vdb-entryx_refsource_VUPEN

http://www.symantec.com/security_response/securityupdates...

x_refsource_CONFIRM

Timeline

Vulnerability published
Apr 29, 2009
Vulnerability Reserved
Apr 24, 2009