Vulnerability CVE-2007-3699


Published: 2007-10-05   Modified: 2012-02-12

Description:
The Decomposer component in multiple Symantec products allows remote attackers to cause a denial of service (infinite loop) via a certain value in the PACK_SIZE field of a RAR archive file header.

Type:

CWE-DesignError

Vendor: Symantec
Product: Norton antivirus 
Version:
9.0.6.1000
9.0.5.1100
9.0.5
9.0.4
9.0.3.1000
9.0.3
9.0.2.1000
9.0.2
9.0.1.1.1000
9.0.1
9.0.0.338
9.0.0
9.0
2006
2005
2004
See more versions on NVD
Product: Brightmail antispam 
Version:
6.0.4
6.0.3
6.0.2
6.0.1
6.0
5.5
4.0
See more versions on NVD
Product: Mail security 
Version:
6.0.0
5.1.0
5.0.1
5.0.0.204
5.0
4.6_build_97
4.6.3
4.6.1.107
4.5_build_741
4.5_build_736
4.5_build_719
4.5.4.743
4.5
4.1
4.0.1
4.0
See more versions on NVD
Product: Antivirus scan engine 
Version:
5.0.1
5.0
4.3.8.29
4.3.7.27
4.3.3
4.3.12
4.3
4.1.8
4.1
4.0
See more versions on NVD
Product: Web security 
Version:
5.0
3.01.68
3.01.67
3.01.63
3.01.62
3.01.61
3.01.60
3.01.59
3.0.1_build_3.01.74
3.0.1_build_3.01.72
3.0.1_build_3.01.70
3.0.1.76
3.0.1.70
3.0.1
3.0
2.5
See more versions on NVD
Product: Client security 
Version:
3.1.401
3.1.400
3.1.396
3.1.394
3.1
3.0.2.2021
3.0.2.2020
3.0.2.2011
3.0.2.2010
3.0.2.2002
3.0.2.2001
3.0.2.2000
3.0.1.1008
3.0.1.1007
3.0.1.1001
3.0.1.1000
3.0.0.359
3.0
2.0.6
2.0.5_build_1100_mp1
2.0.4
2.0.3_build_9.0.3.1000
See more versions on NVD
Product: Symantec antivirus filtering for domino 
Version: 3.0.12
Product: Gateway security 5000 series 
Version: 3.0.1
Product: Norton internet security 
Version:
3.0
2006
2005
2004
See more versions on NVD
Product: Norton system works 
Version:
3.0
2006
2005
2004
See more versions on NVD
Product: Norton personal firewall 
Version:
2006_9.1.1.7
2006_9.1.0.33
2006
See more versions on NVD

CVSS2 => (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVSS Base Score: 9.3/10
Impact Subscore: 10/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: Not required
Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

 References:
http://securityresponse.symantec.com/avcenter/security/Content/2007.07.11f.html
http://www.zerodayinitiative.com/advisories/ZDI-07-039.html
http://www.vupen.com/english/advisories/2007/2508
http://www.securityfocus.com/bid/24282
http://secunia.com/advisories/26053


Copyright 2019, cxsecurity.com

 
