CVE-2012-4953

Currently unrated

Key Information:

Vendor: Symantec
Status: Antivirus; Scan Engine; Endpoint Protection
Vendor: CVE Published:; 14 November 2012

Summary

The decomposer engine in Symantec Endpoint Protection (SEP) 11.0, Symantec Endpoint Protection Small Business Edition 12.0, Symantec AntiVirus Corporate Edition (SAVCE) 10.x, and Symantec Scan Engine (SSE) before 5.2.8 does not properly perform bounds checks of the contents of CAB archives, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted file.

References

http://www.symantec.com/security_response/securityupdates...

x_refsource_CONFIRM

http://www.kb.cert.org/vuls/id/985625

third-party-advisoryx_refsource_CERT-VN

http://www.securitytracker.com/id?1027726

vdb-entryx_refsource_SECTRACK

Timeline

Vulnerability published
Nov 14, 2012
Vulnerability Reserved
Sep 17, 2012