Buffer overflow in Symantec Antivirus

CVE-2010-0108

Buffer overflow in the cliproxy.objects.1 ActiveX control in the Symantec Client Proxy (CLIproxy.dll) in Symantec AntiVirus 10.0.x, 10.1.x before MR9, and 10.2.x before MR4; and Symantec Client Security 3.0.x and 3.1.x before MR9 allows re…

Vulnerability class: Buffer Overflow

EPSS: 0.132 (94.3th percentile) — read the EPSS interpretation.

Affected products

Symantec Antivirus — versions 10.0.2, 10.2, 10.1.6.1
Symantec Client_security — versions 3.0.2.2010, 3.0.1.1000, 3.0.1.1007
Symantec Endpoint_protection — versions 11.0
N/a — versions n/a

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

References

cve@mitre.org (x_refsource_MISC)
38651 (x_refsource_SECUNIA, Vendor Advisory, third-party-advisory)
20100219 [DSECRG-09-039] Symantec Antivirus 10.0 ActiveX - buffer Overflow. (mailing-list, x_refsource_BUGTRAQ)
38222 (vdb-entry, x_refsource_BID)
cve@mitre.org (x_refsource_CONFIRM)
ADV-2010-0412 (vdb-entry, x_refsource_VUPEN, Vendor Advisory)
scp-cliproxy-activex-bo(56355) (vdb-entry, x_refsource_XF)