CVE-2008-0313
First published: Tue Apr 08 2008(Updated: )
The ActiveDataInfo.LaunchProcess method in the SymAData.ActiveDataInfo.1 ActiveX control 2.7.0.1 in SYMADATA.DLL in multiple Symantec Norton products including Norton 360 1.0, AntiVirus 2006 through 2008, Internet Security 2006 through 2008, and System Works 2006 through 2008, does not properly determine the location of the AutoFix Tool, which allows remote attackers to execute arbitrary code via a remote (1) WebDAV or (2) SMB share.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Symantec Norton Internet Security 2010 | =2008 | |
| Symantec Norton Antivirus with Backup | =2008 | |
| Symantec Norton Internet Security 2010 | =2007 | |
| Symantec Norton Antivirus with Backup | =2007 | |
| Symantec Norton System Works | =2006 | |
| Symantec Norton System Works | =2007 | |
| Symantec Norton Antivirus with Backup | =2006 | |
| Symantec Norton System Works | =2008 | |
| Symantec Norton Internet Security 2010 | =2006 | |
| Symantec Norton 360 | =1.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=678
- http://securityresponse.symantec.com/avcenter/security/Content/2008.04.02a.html
- http://www.securityfocus.com/bid/28509
- http://www.securitytracker.com/id?1019751
- http://www.securitytracker.com/id?1019752
- http://www.securitytracker.com/id?1019753
- http://secunia.com/advisories/29660
- http://www.vupen.com/english/advisories/2008/1077/references
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41631
Frequently Asked Questions
What is the severity of CVE-2008-0313?
CVE-2008-0313 has a high severity level due to remote code execution risks.
Which Symantec products are affected by CVE-2008-0313?
CVE-2008-0313 affects multiple versions of Symantec Norton products, including Norton 360 1.0 and Norton Antivirus from 2006 to 2008.
How do I fix CVE-2008-0313?
To fix CVE-2008-0313, update your affected Symantec software to the latest version available.
What type of vulnerability is CVE-2008-0313?
CVE-2008-0313 is classified as a remote code execution vulnerability in ActiveX controls.
Is there a workaround for CVE-2008-0313 if I can't update my software?
Disabling the ActiveX control associated with CVE-2008-0313 can serve as a temporary workaround.
- agent/remedy
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/references
- agent/author
- agent/severity
- agent/weakness
- agent/description
- agent/event
- agent/first-publish-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/symantec
- canonical/symantec norton internet security 2010
- version/symantec norton internet security 2010/2008
- canonical/symantec norton antivirus with backup
- version/symantec norton antivirus with backup/2008
- version/symantec norton internet security 2010/2007
- version/symantec norton antivirus with backup/2007
- canonical/symantec norton system works
- version/symantec norton system works/2006
- version/symantec norton system works/2007
- version/symantec norton antivirus with backup/2006
- version/symantec norton system works/2008
- version/symantec norton internet security 2010/2006
- canonical/symantec norton 360
- version/symantec norton 360/1.0