norton software vulnerabilities
vulnerabilities.aspcode.net
Searching norton software vulnerabilities
The default configurations for McAfee Virus Sca
configurations
|
Anti-Virus
|
malicious
|
attackers
|
detection
|
checkers
|
RECYCLED
|
Recycle
|
without
|
Windows
|
default
|
utility
|
allows
|
Norton
|
McAfee
|
folder
|
Virus
|
store
|
which
|
files
|
check
|
code
|
Scan
|
used
|
Bin
|
not
|
The default configurations for McAfee Virus Scan and Norton Anti-Virus virus checkers do not check files in the RECYCLED folder that is used by the Windows Recycle Bin utility, which allows attackers to store malicious code without detection.
Norton AntiVirus 5.00.01C with the Novell Netwa
auto-protection
|
AntiVirus
|
properly
|
restart
|
service
|
Netware
|
50001C
|
Norton
|
system
|
logged
|
client
|
Novell
|
first
|
after
|
does
|
user
|
not
|
off
|
has
|
Norton AntiVirus 5.00.01C with the Novell Netware client does not properly restart the auto-protection service after the first user has logged off of the system.
Symantec LiveUpdate 1.5 and earlier in Norton A
impersonate
|
LiveUpdate
|
usernames
|
passwords
|
attackers
|
cleartext
|
Antivirus
|
registry
|
Symantec
|
earlier
|
remote
|
stores
|
Norton
|
server
|
allow
|
local
|
which
|
may
|
Symantec LiveUpdate 1.5 and earlier in Norton Antivirus stores usernames and passwords for a local LiveUpdate server in cleartext in the registry, which may allow remote attackers to impersonate the LiveUpdate server.
Norton Anti-Virus (NAV) allows remote attackers
Anti-Virus
|
Norton
|
Norton Anti-Virus (NAV) allows remote attackers to bypass content filtering via attachments whose Content-Type and Content-Disposition headers are mixed upper and lower case, which is ignored by some mail clients.
Norton Internet Security 2001 opens log files w
Security
|
Internet
|
Norton
|
Norton Internet Security 2001 opens log files with FILE_SHARE_READ and FILE_SHARE_WRITE permissions, which could allow remote attackers to modify the log file contents while Norton Internet Security is running.
The "block fragmented IP Packets" option in Sym
fragmented
|
Personal
|
Symantec
|
Firewall
|
Packets"
|
Norton
|
"block
|
option
|
The "block fragmented IP Packets" option in Symantec Norton Personal Firewall 2002 (NPW) does not properly protect against certain attacks on Windows vulnerabilities such as jolt2 (CVE-2000-0305).
The POP3 proxy service (POPROXY.EXE) in Norton
service
|
proxy
|
POP3
|
The POP3 proxy service (POPROXY.EXE) in Norton AntiVirus 2001 allows local users to cause a denial of service (CPU consumption and crash) via a long username with multiple /localhost entries.
The DeviceIoControl function in the Norton Devi
DeviceIoControl
|
function
|
Driver
|
Device
|
Norton
|
The DeviceIoControl function in the Norton Device Driver (NAVAP.sys) in Symantec Norton AntiVirus 2002 allows local users to gain privileges by overwriting memory locations via certain control codes (aka "Device Driver Attack").
Stack-based buffer overflow in the SymSpamHelpe
SymSpamHelper
|
Stack-based
|
component
|
overflow
|
ActiveX
|
buffer
|
Stack-based buffer overflow in the SymSpamHelper ActiveX component (symspam.dll) in Norton AntiSpam 2004, as used in Norton Internet Security 2004, allows remote attackers to execute arbitrary code via a long parameter to the LaunchCustomRuleWizard method.
The WrapNISUM ActiveX component (WrapUM.dll) in
component
|
WrapNISUM
|
ActiveX
|
The WrapNISUM ActiveX component (WrapUM.dll) in Norton Internet Security 2004 is marked safe for scripting, which allows remote attackers to execute arbitrary programs via the LaunchURL method.
The SYMDNS.SYS driver in Symantec Norton Intern
Professional
|
SYMDNSSYS
|
Internet
|
Security
|
Symantec
|
driver
|
Norton
|
The SYMDNS.SYS driver in Symantec Norton Internet Security and Professional 2002 through 2004, Norton Personal Firewall 2002 through 2004, Norton AntiSpam 2004, Client Firewall 5.01 and 5.1.1, and Client Security 1.0 through 2.0 allows remote attackers to cause a denial of service (CPU consumption from infinite loop) via a DNS response with a compressed name pointer that points to itself.
A certain ActiveX control in Symantec Norton An
AntiVirus
|
Symantec
|
control
|
certain
|
ActiveX
|
Norton
|
A certain ActiveX control in Symantec Norton AntiVirus 2004 allows remote attackers to cause a denial of service (resource consumption) and possibly execute arbitrary programs.
Symantec Norton AntiVirus 2002 and 2003 allows
AntiVirus
|
Symantec
|
Norton
|
Symantec Norton AntiVirus 2002 and 2003 allows remote attackers to cause a denial of service (CPU consumption) via a compressed archive that contains a large number of directories.
Symantec Norton AntiVirus 2004, and earlier ver
AntiVirus
|
Symantec
|
Norton
|
Symantec Norton AntiVirus 2004, and earlier versions, allows a virus or other malicious code to avoid detection or cause a denial of service (application crash) using a filename containing an MS-DOS device name.
Symantec Norton SystemWorks and SystemWorks Pre
SystemWorks
|
Symantec
|
Premier
|
Norton
|
Symantec Norton SystemWorks and SystemWorks Premier 2005 and 2006 stores temporary copies of files in the Norton Protected Recycle Bin NProtect directory, which is hidden from the FindFirst and FindNext Windows APIs and allows remote attackers to hide arbitrary files from virus scanners and other products.
Symantec Norton Personal Firewall 2006 9.1.0.33
Personal
|
Firewall
|
Symantec
|
Norton
|
Symantec Norton Personal Firewall 2006 9.1.0.33, and possibly earlier, does not properly protect Norton registry keys, which allows local users to provide Trojan horse libraries to Norton by using RegSaveKey and RegRestoreKey to modify HKLM\SOFTWARE\Symantec\CCPD\SuiteOwners, as demonstrated using NISProd.dll. NOTE: in most cases, this attack would not cross privilege boundaries, because modifying the SuiteOwners key requires administrative privileges. However, this issue is a vulnerability because the product's functionality is intended to protect against privileged actions such as this.
Buffer overflow in Ghost Service Manager, as us
BackupExec
|
LiveState
|
Symantec
|
Recovery
|
overflow
|
Service
|
Manager
|
Buffer
|
System
|
before
|
Norton
|
Ghost
|
used
|
Save
|
Buffer overflow in Ghost Service Manager, as used in Symantec Norton Ghost, Norton Save & Recovery, LiveState Recovery, and BackupExec System Recovery before Thursday, April 26, 2007, allows local users to gain privileges via a long string.
Symantec Norton Ghost, Norton Save & Recovery,
BackupExec
|
LiveState
|
Recovery
|
Symantec
|
System
|
before
|
Norton
|
Ghost
|
Save
|
Symantec Norton Ghost, Norton Save & Recovery, LiveState Recovery, and BackupExec System Recovery before Thursday, April 26, 2007, when remote backups of restore point images are configured, encrypt network share credentials with a key formed by a hash of the username, which allows local users to obtain the credentials by calculating the key.
Symantec Norton Ghost, Norton Save & Recovery,
BackupExec
|
LiveState
|
Recovery
|
Symantec
|
System
|
before
|
Norton
|
Ghost
|
Save
|
Symantec Norton Ghost, Norton Save & Recovery, LiveState Recovery, and BackupExec System Recovery before Thursday, April 26, 2007, when remote backups of restore points images are configured, uses weak permissions (world readable) for a configuration file with network share credentials, which allows local users to obtain the credentials by reading the file.
Buffer overflow in RemoteCommand.DLL in Symante
RemoteCommandDLL
|
Symantec
|
overflow
|
Norton
|
Buffer
|
Ghost
|
Buffer overflow in RemoteCommand.DLL in Symantec Norton Ghost 12.0 allows remote attackers to execute arbitrary code via the Connect function.
Software vulnerabilities results 1 to 20 of 49
Page:
1
2
3
►