Buffer overflow in Symantec Antivirus

CVE-2012-4953

The decomposer engine in Symantec Endpoint Protection (SEP) 11.0, Symantec Endpoint Protection Small Business Edition 12.0, Symantec AntiVirus Corporate Edition (SAVCE) 10.x, and Symantec Scan Engine (SSE) before 5.2.8 does not properly pe…

Vulnerability class: Buffer Overflow

EPSS: 0.095 (93.0th percentile) — read the EPSS interpretation.

Affected products

Symantec Antivirus — versions 10.1.0, 10.1.4, 10.1.5
Symantec Endpoint_protection — versions 11.0, 12.0
Symantec Scan_engine
N/a — versions n/a

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

References

cret@cert.org (x_refsource_CONFIRM)
VU#985625 (x_refsource_CERT-VN, US Government Resource, third-party-advisory)
1027726 (vdb-entry, x_refsource_SECTRACK)
56399 (vdb-entry, x_refsource_BID)