CVE-2007-3771: Buffer Overflow
First published: Sun Jul 15 2007(Updated: )
Stack-based buffer overflow in the Internet E-mail Auto-Protect feature in Symantec AntiVirus Corporate Edition before 10.1, and Client Security before 3.1, allows local users to cause a denial of service (service crash) via a long (1) To, (2) From, or (3) Subject header in an outbound SMTP e-mail message. NOTE: the original vendor advisory referenced CVE-2006-3456, but this was an error.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Symantec Client Security | =2.0 | |
| Symantec Client Security | =3.0 | |
| Symantec Client Security | =3.0.1.1000 | |
| Symantec Client Security | =3.0.1.1007 | |
| Symantec Client Security | =3.0.1.1009 | |
| Symantec Client Security | =3.0.2 | |
| Symantec Client Security | =3.0.2.2000 | |
| Symantec Client Security | =3.0.2.2001 | |
| Symantec Client Security | =3.0.2.2002 | |
| Symantec Client Security | =3.0.2.2011 | |
| Symantec Client Security | =3.0.2.2021 | |
| Symantec Norton Antivirus with Backup | =9.0 | |
| Symantec Norton Antivirus with Backup | =9.0.0.338 | |
| Symantec Norton Antivirus with Backup | =9.0.1 | |
| Symantec Norton Antivirus with Backup | =9.0.1.1.1000 | |
| Symantec Norton Antivirus with Backup | =9.0.1.1000 | |
| Symantec Norton Antivirus with Backup | =9.0.2 | |
| Symantec Norton Antivirus with Backup | =9.0.2.1000 | |
| Symantec Norton Antivirus with Backup | =9.0.3.1000 | |
| Symantec Norton Antivirus with Backup | =9.0.4 | |
| Symantec Norton Antivirus with Backup | =9.0.5 | |
| Symantec Norton Antivirus with Backup | =9.0.5.1100 | |
| Symantec Norton Antivirus with Backup | =10.0 | |
| Symantec Norton Antivirus with Backup | =10.0.1.1000 | |
| Symantec Norton Antivirus with Backup | =10.0.1.1007 | |
| Symantec Norton Antivirus with Backup | =10.0.2.2000 | |
| Symantec Norton Antivirus with Backup | =10.0.2.2001 | |
| Symantec Norton Antivirus with Backup | =10.0.2.2002 | |
| Symantec Norton Antivirus with Backup | =10.0.2.2010 | |
| Symantec Norton Antivirus with Backup | =10.0.2.2011 | |
| Symantec Norton Antivirus with Backup | =10.0.2.2020 | |
| Symantec Norton Antivirus with Backup | =10.0.2.2021 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.securityfocus.com/bid/24802
- http://securitytracker.com/id?1018367
- http://securitytracker.com/id?1018371
- http://secunia.com/advisories/26036
- http://osvdb.org/36115
- http://www.vupen.com/english/advisories/2007/2506
- http://securityresponse.symantec.com/avcenter/security/Content/2007.07.11b.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35354
Frequently Asked Questions
What is the severity of CVE-2007-3771?
CVE-2007-3771 is classified as a moderate severity vulnerability due to its potential to cause a denial of service.
How do I fix CVE-2007-3771?
To remediate CVE-2007-3771, upgrade to Symantec AntiVirus Corporate Edition version 10.1 or higher and Client Security version 3.1 or higher.
What types of software are affected by CVE-2007-3771?
CVE-2007-3771 affects various versions of Symantec AntiVirus Corporate Edition and Symantec Client Security prior to version 10.1 and 3.1 respectively.
What is the impact of exploiting CVE-2007-3771?
Exploiting CVE-2007-3771 can lead to a denial of service, causing the affected Symantec security software to crash.
Who is at risk from CVE-2007-3771?
Organizations using vulnerable versions of Symantec AntiVirus or Client Security may be at risk of experiencing service disruptions due to CVE-2007-3771.
- agent/weakness
- agent/author
- agent/severity
- agent/references
- agent/type
- agent/description
- agent/last-modified-date
- agent/remedy
- agent/softwarecombine
- agent/first-publish-date
- agent/event
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/symantec
- canonical/symantec client security
- version/symantec client security/2.0
- version/symantec client security/3.0
- version/symantec client security/3.0.1.1000
- version/symantec client security/3.0.1.1007
- version/symantec client security/3.0.1.1009
- version/symantec client security/3.0.2
- version/symantec client security/3.0.2.2000
- version/symantec client security/3.0.2.2001
- version/symantec client security/3.0.2.2002
- version/symantec client security/3.0.2.2011
- version/symantec client security/3.0.2.2021
- canonical/symantec norton antivirus with backup
- version/symantec norton antivirus with backup/9.0
- version/symantec norton antivirus with backup/9.0.0.338
- version/symantec norton antivirus with backup/9.0.1
- version/symantec norton antivirus with backup/9.0.1.1.1000
- version/symantec norton antivirus with backup/9.0.1.1000
- version/symantec norton antivirus with backup/9.0.2
- version/symantec norton antivirus with backup/9.0.2.1000
- version/symantec norton antivirus with backup/9.0.3.1000
- version/symantec norton antivirus with backup/9.0.4
- version/symantec norton antivirus with backup/9.0.5
- version/symantec norton antivirus with backup/9.0.5.1100
- version/symantec norton antivirus with backup/10.0
- version/symantec norton antivirus with backup/10.0.1.1000
- version/symantec norton antivirus with backup/10.0.1.1007
- version/symantec norton antivirus with backup/10.0.2.2000
- version/symantec norton antivirus with backup/10.0.2.2001
- version/symantec norton antivirus with backup/10.0.2.2002
- version/symantec norton antivirus with backup/10.0.2.2010
- version/symantec norton antivirus with backup/10.0.2.2011
- version/symantec norton antivirus with backup/10.0.2.2020
- version/symantec norton antivirus with backup/10.0.2.2021