CVE-2007-3021
First published: Tue Jun 05 2007(Updated: )
Symantec Reporting Server 1.0.197.0, and other versions before 1.0.224.0, as used in Symantec Client Security 3.1 and later, and Symantec AntiVirus Corporate Edition (SAV CE) 10.1 and later, does not initialize a critical variable, which allows attackers to create arbitrary executable files via unknown manipulations of a file that is created during data export.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Symantec Client Security | =3.1 | |
| Symantec Client Security | =3.1.394 | |
| Symantec Client Security | =3.1.396 | |
| Symantec Client Security | =3.1.400 | |
| Symantec Client Security | =3.1.401 | |
| Symantec Norton Antivirus with Backup | =10.0.2.2021 | |
| Symantec Norton Antivirus with Backup | =10.1 | |
| Symantec Norton Antivirus with Backup | =10.1.396 | |
| Symantec Norton Antivirus with Backup | =10.1.400 | |
| Symantec Norton Antivirus with Backup | =10.1.401 | |
| Symantec Reporting Server | <=1.0.197.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.symantec.com/avcenter/security/Content/2007.06.05a.html
- http://www.securityfocus.com/bid/24313
- http://www.securitytracker.com/id?1018196
- http://secunia.com/advisories/25543
- http://www.vupen.com/english/advisories/2007/2074
- http://osvdb.org/36109
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34744
Frequently Asked Questions
What is the severity of CVE-2007-3021?
CVE-2007-3021 is rated as medium severity due to its potential to allow unauthorized execution of arbitrary files.
How do I fix CVE-2007-3021?
To fix CVE-2007-3021, update to Symantec Reporting Server version 1.0.224.0 or later.
What software is affected by CVE-2007-3021?
CVE-2007-3021 affects Symantec Reporting Server versions prior to 1.0.224.0 and various versions of Symantec Client Security and Norton Antivirus.
Can CVE-2007-3021 lead to data loss?
Yes, CVE-2007-3021 could potentially lead to data loss by allowing attackers to execute malicious files.
Is there a workaround for CVE-2007-3021?
Disabling the affected services until an update can be applied may serve as a temporary workaround for CVE-2007-3021.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/weakness
- agent/last-modified-date
- agent/remedy
- agent/author
- agent/severity
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/symantec
- canonical/symantec client security
- version/symantec client security/3.1
- version/symantec client security/3.1.394
- version/symantec client security/3.1.396
- version/symantec client security/3.1.400
- version/symantec client security/3.1.401
- canonical/symantec norton antivirus with backup
- version/symantec norton antivirus with backup/10.0.2.2021
- version/symantec norton antivirus with backup/10.1
- version/symantec norton antivirus with backup/10.1.396
- version/symantec norton antivirus with backup/10.1.400
- version/symantec norton antivirus with backup/10.1.401
- canonical/symantec reporting server
- version/symantec reporting server/1.0.197.0