Total
67 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2004-0683 | 1 Symantec | 1 Norton Antivirus | 2017-07-10 | 5.0 MEDIUM | N/A |
Symantec Norton AntiVirus 2002 and 2003 allows remote attackers to cause a denial of service (CPU consumption) via a compressed archive that contains a large number of directories. | |||||
CVE-2004-0487 | 1 Symantec | 1 Norton Antivirus | 2017-07-10 | 10.0 HIGH | N/A |
A certain ActiveX control in Symantec Norton AntiVirus 2004 allows remote attackers to cause a denial of service (resource consumption) and possibly execute arbitrary programs. | |||||
CVE-2004-0920 | 1 Symantec | 1 Norton Antivirus | 2017-07-10 | 5.0 MEDIUM | N/A |
Symantec Norton AntiVirus 2004, and earlier versions, allows a virus or other malicious code to avoid detection or cause a denial of service (application crash) using a filename containing an MS-DOS device name. | |||||
CVE-2002-1774 | 1 Symantec | 1 Norton Antivirus | 2017-07-10 | 7.5 HIGH | N/A |
** DISPUTED ** NOTE: this issue has been disputed by the vendor. Symantec Norton AntiVirus 2002 allows remote attackers to send viruses that bypass the e-mail scanning via a NULL character in the MIME header before the virus. NOTE: the vendor has disputed this issue, acknowledging that the initial scan is bypassed, but the AutoProtect feature would detect the virus before it is executed. | |||||
CVE-2002-1776 | 1 Symantec | 1 Norton Antivirus | 2017-07-10 | 7.5 HIGH | N/A |
** DISPUTED ** NOTE: this issue has been disputed by the vendor. Symantec Norton AntiVirus 2002 allows remote attackers to bypass virus protection via a Word Macro virus with a .nch or .dbx extension, which is automatically recognized and executed as a Microsoft Office document. NOTE: the vendor has disputed this issue, acknowledging that the initial scan is bypassed, but the Office plug-in would detect the virus before it is executed. | |||||
CVE-2002-1777 | 1 Symantec | 1 Norton Antivirus | 2017-07-10 | 7.5 HIGH | N/A |
** DISPUTED ** NOTE: this issue has been disputed by the vendor. Symantec Norton AntiVirus (NAV) 2002 allows remote attackers to bypass e-mail scanning via a filename in the Content-Type field with an excluded extension such as .nch or .dbx, but a malicious extension in the Content-Disposition field, which is used by Outlook to obtain the file name. NOTE: the vendor has disputed this issue, acknowledging that the initial scan is bypassed, but Norton AntiVirus or the Office plug-in would detect the virus before it is executed. | |||||
CVE-2002-1775 | 1 Symantec | 1 Norton Antivirus | 2017-07-10 | 7.5 HIGH | N/A |
** DISPUTED ** NOTE: this issue has been disputed by the vendor. Symantec Norton AntiVirus (NAV) 2002 allows remote attackers to bypass the initial virus scan and cause NAV to prematurely stop scanning by using a non-RFC compliant MIME header. NOTE: the vendor has disputed this issue, acknowledging that the initial scan is bypassed, but the AutoProtect feature would detect the virus before it is executed. | |||||
CVE-2005-2766 | 1 Symantec | 1 Norton Antivirus | 2016-10-17 | 2.1 LOW | N/A |
Symantec AntiVirus Corporate Edition 9.0.1.x and 9.0.4.x, and possibly other versions, when obtaining updates from an internal LiveUpdate server, stores sensitive information in cleartext in the Log.Liveupdate log file, which allows attackers to obtain the username and password to the internal LiveUpdate server. | |||||
CVE-2003-0994 | 1 Symantec | 4 Norton Antivirus, Norton Internet Security, Norton System Works and 1 more | 2016-10-17 | 7.2 HIGH | N/A |
The GUI functionality for an interactive session in Symantec LiveUpdate 1.70.x through 1.90.x, as used in Norton Internet Security 2001 through 2004, SystemWorks 2001 through 2004, and AntiVirus and Norton AntiVirus Pro 2001 through 2004, AntiVirus for Handhelds v3.0, allows local users to gain SYSTEM privileges. | |||||
CVE-2002-0485 | 1 Symantec | 1 Norton Antivirus | 2016-10-17 | 5.0 MEDIUM | N/A |
Norton Anti-Virus (NAV) allows remote attackers to bypass content filtering via attachments whose Content-Type and Content-Disposition headers are mixed upper and lower case, which is ignored by some mail clients. | |||||
CVE-2000-0119 | 2 Mcafee, Symantec | 2 Virusscan, Norton Antivirus | 2016-10-17 | 7.2 HIGH | N/A |
The default configurations for McAfee Virus Scan and Norton Anti-Virus virus checkers do not check files in the RECYCLED folder that is used by the Windows Recycle Bin utility, which allows attackers to store malicious code without detection. | |||||
CVE-1999-1323 | 1 Symantec | 1 Norton Antivirus | 2016-10-17 | 4.6 MEDIUM | N/A |
Norton AntiVirus for Internet Email Gateways (NAVIEG) 1.0.1.7 and earlier, and Norton AntiVirus for MS Exchange (NAVMSE) 1.5 and earlier, store the administrator password in cleartext in (1) the navieg.ini file for NAVIEG, and (2) the ModifyPassword registry key in NAVMSE. | |||||
CVE-2007-3699 | 1 Symantec | 13 Antivirus Scan Engine, Brightmail Antispam, Client Security and 10 more | 2012-10-30 | 9.3 HIGH | N/A |
The Decomposer component in multiple Symantec products allows remote attackers to cause a denial of service (infinite loop) via a certain value in the PACK_SIZE field of a RAR archive file header. | |||||
CVE-2007-0447 | 1 Symantec | 13 Antivirus Scan Engine, Brightmail Antispam, Client Security and 10 more | 2012-10-30 | 9.3 HIGH | N/A |
Heap-based buffer overflow in the Decomposer component in multiple Symantec products allows remote attackers to execute arbitrary code via multiple crafted CAB archives. | |||||
CVE-2010-3497 | 1 Symantec | 1 Norton Antivirus | 2012-08-22 | 6.4 MEDIUM | N/A |
Symantec Norton AntiVirus 2011 does not properly interact with the processing of hcp:// URLs by the Microsoft Help and Support Center, which makes it easier for remote attackers to execute arbitrary code via malware that is correctly detected by this product, but with a detection approach that occurs too late to stop the code execution. NOTE: the researcher indicates that a vendor response was received, stating that this issue "falls into the work of our Firewall and not our AV (per our methodology of layers of defense)." | |||||
CVE-2005-2759 | 1 Symantec | 1 Norton Antivirus | 2011-03-07 | 7.2 HIGH | N/A |
** SPLIT ** The jlucaller program in LiveUpdate for Symantec Norton AntiVirus 9.0.3 on Macintosh runs setuid when executing Java programs, which allows local users to gain privileges. NOTE: due to a CNA error, this candidate was also originally assigned to an issue in DiskMountNotify. Use CVE-2005-3270 for the DiskMountNotify issue, and CVE-2005-2759 for the LiveUpdate issue. | |||||
CVE-2002-1540 | 1 Symantec | 1 Norton Antivirus | 2008-09-10 | 7.2 HIGH | N/A |
The client for Symantec Norton AntiVirus Corporate Edition 7.5.x before 7.5.1 Build 62 and 7.6.x before 7.6.1 Build 35a runs winhlp32 with raised privileges, which allows local users to gain privileges by using certain features of winhlp32. | |||||
CVE-2000-0238 | 1 Symantec | 1 Norton Antivirus | 2008-09-10 | 5.0 MEDIUM | N/A |
Buffer overflow in the web server for Norton AntiVirus for Internet Email Gateways allows remote attackers to cause a denial of service via a long URL. | |||||
CVE-1999-1004 | 1 Symantec | 1 Norton Antivirus | 2008-09-09 | 5.0 MEDIUM | N/A |
Buffer overflow in the POP server POProxy for the Norton Anti-Virus protection NAV2000 program via a large USER command. | |||||
CVE-2005-3270 | 1 Symantec | 1 Norton Antivirus | 2008-09-05 | 7.2 HIGH | N/A |
Untrusted search path vulnerability in DiskMountNotify for Symantec Norton AntiVirus 9.0.3 allows local users to gain privileges by modifying the PATH to reference a malicious (1) ps or (2) grep file. |