Vulnerability CVE-2010-0106


Published: 2010-02-19   Modified: 2012-02-13

Description:
The on-demand scanning in Symantec AntiVirus 10.0.x and 10.1.x before MR9, AntiVirus 10.2.x, and Client Security 3.0.x and 3.1.x before MR9, when Tamper protection is disabled, allows remote attackers to cause a denial of service (prevention of on-demand scanning) via "specific events" that prevent the user from having read access to unspecified resources.

Type:

CWE-Other

Vendor: Symantec
Product: Client security 
Version:
3.1.401
3.1.400
3.1.394
3.1.0.401
3.1.0.396
3.1
3.0.2.2021
3.0.2.2020
3.0.2.2011
3.0.2.2010
3.0.2.2001
3.0.2.2000
3.0.2
3.0.1.1008
3.0.1.1007
3.0.1.1000
3.0.0.359
3.0
Product: Endpoint protection 
Version: 11.0;
Product: Antivirus 
Version:
10.2
10.1.7
10.1.6.1
10.1.6
10.1.5.1
10.1.5
10.1.4.1
10.1.4
10.1.0.1
10.1
10.0.9
10.0.8
10.0.7
10.0.6
10.0.5
10.0.4
10.0.3
10.0.2.2
10.0.2.1
10.0.2
10.0.1.1
10.0.1
10.0

CVSS2 => (AV:L/AC:M/Au:N/C:N/I:N/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
1.9/10
2.9/10
3.4/10
Exploit range
Attack complexity
Authentication
Local
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
None
None
Partial

 References:
http://www.securityfocus.com/bid/38219
http://www.securitytracker.com/id?1023621
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20100217_00
http://www.vupen.com/english/advisories/2010/0410
https://exchange.xforce.ibmcloud.com/vulnerabilities/56354

Related CVE
CVE-2019-12755
Norton Password Manager, prior to 6.5.0.2104, may be susceptible to an information disclosure issue, which is a type of vulnerability whereby there is an unintentional disclosure of information to an actor that is not explicitly authorized to have ac...
CVE-2019-9697
An information disclosure vulnerability in the Management Center (MC) REST API 2.0, 2.1, and 2.2 prior to 2.2.2.1 allows a malicious authenticated user to obtain passwords for external backup and CPL policy import servers that they might not otherwis...
CVE-2019-12754
Symantec My VIP portal, previous version which has already been auto updated, was susceptible to a cross-site scripting (XSS) exploit, which is a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other use...
CVE-2019-12753
An information disclosure vulnerability in Symantec Reporter web UI 10.3 prior to 10.3.2.5 allows a malicious authenticated administrator user to obtain passwords for external SMTP, FTP, FTPS, LDAP, and Cloud Log Download servers that they might not ...
CVE-2018-18371
The ASG/ProxySG FTP proxy WebFTP mode allows intercepting FTP connections where a user accesses an FTP server via a ftp:// URL in a web browser. An information disclosure vulnerability in the WebFTP mode allows a malicious user to obtain plaintext au...
CVE-2018-18370
The ASG/ProxySG FTP proxy WebFTP mode allows intercepting FTP connections where a user accesses an FTP server via a ftp:// URL in a web browser. A stored cross-site scripting (XSS) vulnerability in the WebFTP mode allows a remote attacker to inject m...
CVE-2019-12750
Symantec Endpoint Protection, prior to 14.2 RU1 & 12.1 RU6 MP10 and Symantec Endpoint Protection Small Business Edition, prior to 12.1 RU6 MP10c (12.1.7491.7002), may be susceptible to a privilege escalation vulnerability, which is a type of issue wh...
CVE-2019-12751
Symantec Messaging Gateway, prior to 10.7.1, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are nor...

Copyright 2019, cxsecurity.com

 

Back to Top