Buffer overflow in Symantec Client_security

CVE-2010-0107

Buffer overflow in an ActiveX control (SYMLTCOM.dll) in Symantec N360 1.0 and 2.0; Norton Internet Security, AntiVirus, SystemWorks, and Confidential 2006 through 2008; and Symantec Client Security 3.0.x before 3.1 MR9, and 3.1.x before MR…

Vulnerability class: Buffer Overflow

EPSS: 0.271 (96.5th percentile) — read the EPSS interpretation.

Affected products

Symantec Client_security — versions 3.0.2.2010, 3.0.1.1000, 3.0.1.1007
Symantec Norton_360 — versions 1.0, 2.0
Symantec Norton_antivirus — versions 2006, 2007, 2008
Symantec Norton_internet_security — versions 2006, 2007, 2008
N/a — versions n/a

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

References

62412 (x_refsource_OSVDB, vdb-entry)
38654 (x_refsource_SECUNIA, Vendor Advisory, third-party-advisory)
20100224 VUPEN Security Research - Symantec Products "SYMLTCOM.dll" Buffer Overflow Vulnerability (mailing-list, x_refsource_BUGTRAQ)
38217 (vdb-entry, x_refsource_BID)
1023628 (vdb-entry, x_refsource_SECTRACK)
1023629 (vdb-entry, x_refsource_SECTRACK)
1023630 (vdb-entry, x_refsource_SECTRACK)
1023631 (vdb-entry, x_refsource_SECTRACK)
cve@mitre.org (x_refsource_CONFIRM)
ADV-2010-0411 (vdb-entry, x_refsource_VUPEN, Vendor Advisory)