CVE-2007-3021

Symantec Reporting Server 1.0.197.0, and other versions before 1.0.224.0, as used in Symantec Client Security 3.1 and later, and Symantec AntiVirus Corporate Edition (SAV CE) 10.1 and later, does not initialize a critical variable, which allows attackers to create arbitrary executable files via unknown manipulations of a file that is created during data export.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.symantec.com/avcenter/security/Content/2007.06.05a.html	Patch Vendor Advisory
http://www.securityfocus.com/bid/24313
http://www.securitytracker.com/id?1018196
http://secunia.com/advisories/25543
http://www.vupen.com/english/advisories/2007/2074
http://osvdb.org/36109
https://exchange.xforce.ibmcloud.com/vulnerabilities/34744

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:symantec:client_security:3.1.394:::::::*
	cpe:2.3:a:symantec:client_security:3.1.396:::::::*
	cpe:2.3:a:symantec:norton_antivirus:10.1::corporate:::::
	cpe:2.3:a:symantec:reporting_server::::::::
	cpe:2.3:a:symantec:client_security:3.1:::::::*
	cpe:2.3:a:symantec:norton_antivirus:10.1.400::corporate:::::
	cpe:2.3:a:symantec:norton_antivirus:10.1.401::corporate:::::
	cpe:2.3:a:symantec:client_security:3.1.400:::::::*
	cpe:2.3:a:symantec:client_security:3.1.401:::::::*
	cpe:2.3:a:symantec:norton_antivirus:10.0.2.2021::corporate:::::
	cpe:2.3:a:symantec:norton_antivirus:10.1.396::corporate:::::

Information

Published : 2007-06-05 14:30

Updated : 2017-07-28 18:31

NVD link : CVE-2007-3021

Mitre link : CVE-2007-3021

JSON object : View

CWE

NVD-CWE-Other

Advertisement

Products Affected

symantec

reporting_server
client_security
norton_antivirus

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.symantec.com/avcenter/security/Content/2007.06.05a.html", "name": "http://www.symantec.com/avcenter/security/Content/2007.06.05a.html", "tags": ["Patch", "Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://www.securityfocus.com/bid/24313", "name": "24313", "tags": [], "refsource": "BID"}, {"url": "http://www.securitytracker.com/id?1018196", "name": "1018196", "tags": [], "refsource": "SECTRACK"}, {"url": "http://secunia.com/advisories/25543", "name": "25543", "tags": [], "refsource": "SECUNIA"}, {"url": "http://www.vupen.com/english/advisories/2007/2074", "name": "ADV-2007-2074", "tags": [], "refsource": "VUPEN"}, {"url": "http://osvdb.org/36109", "name": "36109", "tags": [], "refsource": "OSVDB"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34744", "name": "symantec-reporting-code-execution(34744)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Symantec Reporting Server 1.0.197.0, and other versions before 1.0.224.0, as used in Symantec Client Security 3.1 and later, and Symantec AntiVirus Corporate Edition (SAV CE) 10.1 and later, does not initialize a critical variable, which allows attackers to create arbitrary executable files via unknown manipulations of a file that is created during data export."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2007-3021", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "HIGH", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}}, "publishedDate": "2007-06-05T21:30Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:symantec:client_security:3.1.394:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:symantec:client_security:3.1.396:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:symantec:norton_antivirus:10.1:*:corporate:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:symantec:reporting_server:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "1.0.197.0"}, {"cpe23Uri": "cpe:2.3:a:symantec:client_security:3.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:symantec:norton_antivirus:10.1.400:*:corporate:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:symantec:norton_antivirus:10.1.401:*:corporate:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:symantec:client_security:3.1.400:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:symantec:client_security:3.1.401:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:symantec:norton_antivirus:10.0.2.2021:*:corporate:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:symantec:norton_antivirus:10.1.396:*:corporate:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-07-29T01:31Z"}