Login Screen Injection Vulnerability in Symantec Products
CVE-2009-1432

Currently unrated

Key Information:

Vendor: Symantec
Status: Antivirus; Client Security; Endpoint Protection
Vendor: CVE Published:; 30 April 2009

What is CVE-2009-1432?

An issue in Symantec Reporting Server allows remote attackers to inject arbitrary text into the login screen of various Symantec products, potentially facilitating phishing attacks. This vulnerability stems from improper handling of URLs, enabling unauthorized manipulation of the login interface.

References

http://www.vupen.com/english/advisories/2009/1204

vdb-entryx_refsource_VUPEN

http://securitytracker.com/id?1022137

vdb-entryx_refsource_SECTRACK

http://secunia.com/advisories/34856

third-party-advisoryx_refsource_SECUNIA

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 30, 2009
Vulnerability Reserved
Apr 24, 2009

JSON