CVE-2008-0312: Buffer Overflow
First published: Tue Apr 08 2008(Updated: )
Stack-based buffer overflow in the AutoFix Support Tool ActiveX control 2.7.0.1 in SYMADATA.DLL in multiple Symantec Norton products, including Norton 360 1.0, AntiVirus 2006 through 2008, Internet Security 2006 through 2008, and System Works 2006 through 2008, allows remote attackers to execute arbitrary code via a long argument to the GetEventLogInfo method. NOTE: some of these details are obtained from third party information.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft Windows | ||
| Symantec Norton 360 | =1.0 | |
| Symantec Norton Antivirus with Backup | =2006 | |
| Symantec Norton Antivirus with Backup | =2007 | |
| Symantec Norton Antivirus with Backup | =2008 | |
| Symantec Norton Internet Security | =2006 | |
| Symantec Norton Internet Security | =2007 | |
| Symantec Norton Internet Security | =2008 | |
| Symantec Norton System Works | =2006 | |
| Symantec Norton System Works | =2007 | |
| Symantec Norton System Works | =2008 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=677
- http://securityresponse.symantec.com/avcenter/security/Content/2008.04.02a.html
- http://www.securityfocus.com/bid/28507
- http://www.securitytracker.com/id?1019751
- http://www.securitytracker.com/id?1019752
- http://www.securitytracker.com/id?1019753
- http://secunia.com/advisories/29660
- http://www.vupen.com/english/advisories/2008/1077/references
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41629
Frequently Asked Questions
What is the severity of CVE-2008-0312?
CVE-2008-0312 is classified as a critical vulnerability due to its potential for remote code execution.
How do I fix CVE-2008-0312?
To fix CVE-2008-0312, users should update their affected Symantec Norton products to the latest versions provided by Symantec.
Which Symantec products are affected by CVE-2008-0312?
CVE-2008-0312 affects multiple Symantec Norton products including Norton 360 1.0, Norton Antivirus 2006 through 2008, and Norton Internet Security 2006 through 2008.
What type of attack does CVE-2008-0312 enable?
CVE-2008-0312 enables remote attackers to execute arbitrary code on the affected systems.
Is CVE-2008-0312 specific to a particular operating system?
No, CVE-2008-0312 is not specific to a particular operating system as it affects various versions of Symantec Norton products running on Windows.
- collector/nvd-historical
- agent/type
- agent/remedy
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/author
- agent/references
- agent/severity
- agent/weakness
- agent/description
- agent/event
- agent/first-publish-date
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/microsoft
- canonical/microsoft windows
- vendor/symantec
- canonical/symantec norton 360
- version/symantec norton 360/1.0
- canonical/symantec norton antivirus with backup
- version/symantec norton antivirus with backup/2006
- version/symantec norton antivirus with backup/2007
- version/symantec norton antivirus with backup/2008
- canonical/symantec norton internet security
- version/symantec norton internet security/2006
- version/symantec norton internet security/2007
- version/symantec norton internet security/2008
- canonical/symantec norton system works
- version/symantec norton system works/2006
- version/symantec norton system works/2007
- version/symantec norton system works/2008