CVE-2010-0107: Buffer Overflow
First published: Tue Feb 23 2010(Updated: )
Buffer overflow in an ActiveX control (SYMLTCOM.dll) in Symantec N360 1.0 and 2.0; Norton Internet Security, AntiVirus, SystemWorks, and Confidential 2006 through 2008; and Symantec Client Security 3.0.x before 3.1 MR9, and 3.1.x before MR9; allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors. NOTE: this is only a vulnerability if the attacker can "masquerade as an authorized site."
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Symantec Client Security | =3.0 | |
| Symantec Client Security | =3.0.1.1009 | |
| Symantec Norton Internet Security | =2008 | |
| Symantec Norton 360 | =2.0 | |
| Symantec Client Security | =3.0.2.2020 | |
| Symantec Norton Antivirus with Backup | =2008 | |
| Symantec Client Security | =3.0.2.2021 | |
| Symantec Norton Internet Security | =2007 | |
| Symantec Norton Antivirus with Backup | =2007 | |
| Symantec Client Security | =3.0.1.1000 | |
| Symantec Client Security | =3.1-mr6 | |
| Symantec Client Security | =3.1.0.401 | |
| Symantec Client Security | =3.0.2.2002 | |
| Symantec Client Security | =3.0.1.1008 | |
| Symantec Client Security | =3.0.2.2011 | |
| Symantec Client Security | =3.0.2 | |
| Symantec Client Security | =3.1.396 | |
| Symantec Client Security | =3.0.1.1001 | |
| Symantec Client Security | =3.0.2.2001 | |
| Symantec Norton Antivirus with Backup | =2006 | |
| Symantec Client Security | =3.1.401 | |
| Symantec Norton Internet Security | =2006 | |
| Symantec Client Security | =3.1.400 | |
| Symantec Client Security | =3.0.2.2010 | |
| Symantec Client Security | =3.1 | |
| Symantec Client Security | =3.1-mr4 | |
| Symantec Client Security | =3.1.0.396 | |
| Symantec Client Security | =3.0.2.2000 | |
| Symantec Client Security | =3.0.1.1007 | |
| Symantec Norton 360 | =1.0 | |
| Symantec Client Security | =3.1-mr5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.securitytracker.com/id?1023631
- http://www.securitytracker.com/id?1023629
- http://www.vupen.com/english/advisories/2010/0411
- http://www.securitytracker.com/id?1023628
- http://www.securitytracker.com/id?1023630
- http://secunia.com/advisories/38654
- http://www.securityfocus.com/bid/38217
- http://osvdb.org/62412
- http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20100217_01
- https://exchange.xforce.ibmcloud.com/vulnerabilities/56357
- http://www.securityfocus.com/archive/1/509717/100/0/threaded
Frequently Asked Questions
What is the severity of CVE-2010-0107?
CVE-2010-0107 is classified as a high severity vulnerability due to its ability to cause a denial of service.
How do I fix CVE-2010-0107?
To fix CVE-2010-0107, ensure that you update your Symantec product to the latest version available that addresses this vulnerability.
Which products are affected by CVE-2010-0107?
CVE-2010-0107 affects specific versions of Symantec Norton 360, Norton Internet Security, Norton Antivirus, and Symantec Client Security.
What type of attack can exploit CVE-2010-0107?
CVE-2010-0107 can be exploited by remote attackers to execute a buffer overflow, potentially leading to service crashes.
Is there a workaround for CVE-2010-0107?
Currently, the best workaround for CVE-2010-0107 is to disable the affected ActiveX control until the software can be updated.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/symantec
- canonical/symantec client security
- version/symantec client security/3.0
- version/symantec client security/3.0.1.1009
- canonical/symantec norton internet security
- version/symantec norton internet security/2008
- canonical/symantec norton 360
- version/symantec norton 360/2.0
- version/symantec client security/3.0.2.2020
- canonical/symantec norton antivirus with backup
- version/symantec norton antivirus with backup/2008
- version/symantec client security/3.0.2.2021
- version/symantec norton internet security/2007
- version/symantec norton antivirus with backup/2007
- version/symantec client security/3.0.1.1000
- version/symantec client security/3.1-mr6
- version/symantec client security/3.1.0.401
- version/symantec client security/3.0.2.2002
- version/symantec client security/3.0.1.1008
- version/symantec client security/3.0.2.2011
- version/symantec client security/3.0.2
- version/symantec client security/3.1.396
- version/symantec client security/3.0.1.1001
- version/symantec client security/3.0.2.2001
- version/symantec norton antivirus with backup/2006
- version/symantec client security/3.1.401
- version/symantec norton internet security/2006
- version/symantec client security/3.1.400
- version/symantec client security/3.0.2.2010
- version/symantec client security/3.1
- version/symantec client security/3.1-mr4
- version/symantec client security/3.1.0.396
- version/symantec client security/3.0.2.2000
- version/symantec client security/3.0.1.1007
- version/symantec norton 360/1.0
- version/symantec client security/3.1-mr5