Norton Antivirus
by Symantec
CVEs (81)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2006-4855 | 0.03 | — | 0.01 | Sep 19, 2006 | The \Device\SymEvent driver in Symantec Norton Personal Firewall 2006 9.1.0.33, and other versions of Norton Personal Firewall, Internet Security, AntiVirus, SystemWorks, Symantec Client Security SCS 1.x, 2.x, 3.0, and 3.1, Symantec AntiVirus Corporate Edition SAVCE 8.x, 9.x,… | |||
| CVE-2003-1310 | 0.03 | — | 0.01 | Dec 31, 2003 | The DeviceIoControl function in the Norton Device Driver (NAVAP.sys) in Symantec Norton AntiVirus 2002 allows local users to gain privileges by overwriting memory locations via certain control codes (aka "Device Driver Attack"). | |||
| CVE-2000-0119 | 0.03 | — | 0.01 | Dec 22, 1999 | The default configurations for McAfee Virus Scan and Norton Anti-Virus virus checkers do not check files in the RECYCLED folder that is used by the Windows Recycle Bin utility, which allows attackers to store malicious code without detection. | |||
| CVE-2005-0249 | 0.02 | — | 0.19 | Feb 8, 2005 | Heap-based buffer overflow in the DEC2EXE module for Symantec AntiVirus Library allows remote attackers to execute arbitrary code via a UPX compressed file containing a negative virtual offset to a crafted PE header. | |||
| CVE-2010-0107 | 0.01 | — | 0.07 | Feb 23, 2010 | Buffer overflow in an ActiveX control (SYMLTCOM.dll) in Symantec N360 1.0 and 2.0; Norton Internet Security, AntiVirus, SystemWorks, and Confidential 2006 through 2008; and Symantec Client Security 3.0.x before 3.1 MR9, and 3.1.x before MR9; allows remote attackers to cause a… | |||
| CVE-2009-1431 | 0.01 | — | 0.08 | Apr 29, 2009 | XFR.EXE in the Intel File Transfer service in the console in Symantec Alert Management System 2 (AMS2), as used in Symantec System Center (SSS); Symantec AntiVirus Server; Symantec AntiVirus Central Quarantine Server; Symantec AntiVirus (SAV) Corporate Edition 9 before 9.0 MR7,… | |||
| CVE-2006-6490 | 0.01 | — | 0.10 | Feb 22, 2007 | Multiple buffer overflows in the SupportSoft (1) SmartIssue (tgctlsi.dll) and (2) ScriptRunner (tgctlsr.dll) ActiveX controls, as used by Symantec Automated Support Assistant and Norton AntiVirus, Internet Security, and System Works 2006, allows remote attackers to execute… | |||
| CVE-2004-0487 | 0.01 | — | 0.06 | Aug 18, 2004 | A certain ActiveX control in Symantec Norton AntiVirus 2004 allows remote attackers to cause a denial of service (resource consumption) and possibly execute arbitrary programs. | |||
| CVE-2012-4953 | 0.00 | — | 0.06 | Nov 14, 2012 | The decomposer engine in Symantec Endpoint Protection (SEP) 11.0, Symantec Endpoint Protection Small Business Edition 12.0, Symantec AntiVirus Corporate Edition (SAVCE) 10.x, and Symantec Scan Engine (SSE) before 5.2.8 does not properly perform bounds checks of the contents of… | |||
| CVE-2010-3497 | 0.00 | — | 0.03 | Aug 22, 2012 | Symantec Norton AntiVirus 2011 does not properly interact with the processing of hcp:// URLs by the Microsoft Help and Support Center, which makes it easier for remote attackers to execute arbitrary code via malware that is correctly detected by this product, but with a… | |||
| CVE-2011-0688 | 0.00 | — | 0.04 | Jan 31, 2011 | Intel Alert Management System (aka AMS or AMS2), as used in Symantec Antivirus Corporate Edition (SAVCE) 10.x before 10.1 MR10, Symantec System Center (SSC) 10.x, and Symantec Quarantine Server 3.5 and 3.6, allows remote attackers to execute arbitrary commands via crafted… | |||
| CVE-2010-0110 | 0.00 | — | 0.05 | Jan 31, 2011 | Multiple stack-based buffer overflows in Intel Alert Management System (aka AMS or AMS2), as used in Symantec AntiVirus Corporate Edition (SAVCE) 10.x before 10.1 MR10, Symantec System Center (SSC) 10.x, and Symantec Quarantine Server 3.5 and 3.6, allow remote attackers to… | |||
| CVE-2010-3268 | 0.00 | — | 0.03 | Dec 22, 2010 | The GetStringAMSHandler function in prgxhndl.dll in hndlrsvc.exe in the Intel Alert Handler service (aka Symantec Intel Handler service) in Intel Alert Management System (AMS), as used in Symantec Antivirus Corporate Edition 10.1.4.4010 on Windows 2000 SP4 and Symantec Endpoint… | |||
| CVE-2010-0106 | 0.00 | — | 0.01 | Feb 19, 2010 | The on-demand scanning in Symantec AntiVirus 10.0.x and 10.1.x before MR9, AntiVirus 10.2.x, and Client Security 3.0.x and 3.1.x before MR9, when Tamper protection is disabled, allows remote attackers to cause a denial of service (prevention of on-demand scanning) via "specific… | |||
| CVE-2009-3104 | 0.00 | — | 0.02 | Sep 8, 2009 | Unspecified vulnerability in Symantec Norton AntiVirus 2005 through 2008; Norton Internet Security 2005 through 2008; AntiVirus Corporate Edition 9.0 before MR7, 10.0, 10.1 before MR8, and 10.2 before MR3; and Client Security 2.0 before MR7, 3.0, and 3.1 before MR8; when… | |||
| CVE-2009-1432 | 0.00 | — | 0.04 | Apr 30, 2009 | Symantec Reporting Server, as used in Symantec AntiVirus (SAV) Corporate Edition 10.1 before 10.1 MR8 and 10.2 before 10.2 MR2, Symantec Client Security (SCS) before 3.1 MR8, and the Symantec Endpoint Protection Manager (SEPM) component in Symantec Endpoint Protection (SEP)… | |||
| CVE-2009-1428 | 0.00 | — | 0.02 | Apr 29, 2009 | Multiple cross-site scripting (XSS) vulnerabilities in ccLgView.exe in the Symantec Log Viewer, as used in Symantec AntiVirus (SAV) before 10.1 MR8, Symantec Endpoint Protection (SEP) 11.0 before 11.0 MR1, Norton 360 1.0, and Norton Internet Security 2005 through 2008, allow… | |||
| CVE-2008-5543 | 0.00 | — | 0.03 | Dec 12, 2008 | Symantec AntiVirus (SAV) 10, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or… | |||
| CVE-2008-0313 | 0.00 | — | 0.04 | Apr 8, 2008 | The ActiveDataInfo.LaunchProcess method in the SymAData.ActiveDataInfo.1 ActiveX control 2.7.0.1 in SYMADATA.DLL in multiple Symantec Norton products including Norton 360 1.0, AntiVirus 2006 through 2008, Internet Security 2006 through 2008, and System Works 2006 through 2008,… | |||
| CVE-2008-0312 | 0.00 | — | 0.06 | Apr 8, 2008 | Stack-based buffer overflow in the AutoFix Support Tool ActiveX control 2.7.0.1 in SYMADATA.DLL in multiple Symantec Norton products, including Norton 360 1.0, AntiVirus 2006 through 2008, Internet Security 2006 through 2008, and System Works 2006 through 2008, allows remote… |
- CVE-2006-4855Sep 19, 2006risk 0.03cvss —epss 0.01
The \Device\SymEvent driver in Symantec Norton Personal Firewall 2006 9.1.0.33, and other versions of Norton Personal Firewall, Internet Security, AntiVirus, SystemWorks, Symantec Client Security SCS 1.x, 2.x, 3.0, and 3.1, Symantec AntiVirus Corporate Edition SAVCE 8.x, 9.x,…
- CVE-2003-1310Dec 31, 2003risk 0.03cvss —epss 0.01
The DeviceIoControl function in the Norton Device Driver (NAVAP.sys) in Symantec Norton AntiVirus 2002 allows local users to gain privileges by overwriting memory locations via certain control codes (aka "Device Driver Attack").
- CVE-2000-0119Dec 22, 1999risk 0.03cvss —epss 0.01
The default configurations for McAfee Virus Scan and Norton Anti-Virus virus checkers do not check files in the RECYCLED folder that is used by the Windows Recycle Bin utility, which allows attackers to store malicious code without detection.
- CVE-2005-0249Feb 8, 2005risk 0.02cvss —epss 0.19
Heap-based buffer overflow in the DEC2EXE module for Symantec AntiVirus Library allows remote attackers to execute arbitrary code via a UPX compressed file containing a negative virtual offset to a crafted PE header.
- CVE-2010-0107Feb 23, 2010risk 0.01cvss —epss 0.07
Buffer overflow in an ActiveX control (SYMLTCOM.dll) in Symantec N360 1.0 and 2.0; Norton Internet Security, AntiVirus, SystemWorks, and Confidential 2006 through 2008; and Symantec Client Security 3.0.x before 3.1 MR9, and 3.1.x before MR9; allows remote attackers to cause a…
- CVE-2009-1431Apr 29, 2009risk 0.01cvss —epss 0.08
XFR.EXE in the Intel File Transfer service in the console in Symantec Alert Management System 2 (AMS2), as used in Symantec System Center (SSS); Symantec AntiVirus Server; Symantec AntiVirus Central Quarantine Server; Symantec AntiVirus (SAV) Corporate Edition 9 before 9.0 MR7,…
- CVE-2006-6490Feb 22, 2007risk 0.01cvss —epss 0.10
Multiple buffer overflows in the SupportSoft (1) SmartIssue (tgctlsi.dll) and (2) ScriptRunner (tgctlsr.dll) ActiveX controls, as used by Symantec Automated Support Assistant and Norton AntiVirus, Internet Security, and System Works 2006, allows remote attackers to execute…
- CVE-2004-0487Aug 18, 2004risk 0.01cvss —epss 0.06
A certain ActiveX control in Symantec Norton AntiVirus 2004 allows remote attackers to cause a denial of service (resource consumption) and possibly execute arbitrary programs.
- CVE-2012-4953Nov 14, 2012risk 0.00cvss —epss 0.06
The decomposer engine in Symantec Endpoint Protection (SEP) 11.0, Symantec Endpoint Protection Small Business Edition 12.0, Symantec AntiVirus Corporate Edition (SAVCE) 10.x, and Symantec Scan Engine (SSE) before 5.2.8 does not properly perform bounds checks of the contents of…
- CVE-2010-3497Aug 22, 2012risk 0.00cvss —epss 0.03
Symantec Norton AntiVirus 2011 does not properly interact with the processing of hcp:// URLs by the Microsoft Help and Support Center, which makes it easier for remote attackers to execute arbitrary code via malware that is correctly detected by this product, but with a…
- CVE-2011-0688Jan 31, 2011risk 0.00cvss —epss 0.04
Intel Alert Management System (aka AMS or AMS2), as used in Symantec Antivirus Corporate Edition (SAVCE) 10.x before 10.1 MR10, Symantec System Center (SSC) 10.x, and Symantec Quarantine Server 3.5 and 3.6, allows remote attackers to execute arbitrary commands via crafted…
- CVE-2010-0110Jan 31, 2011risk 0.00cvss —epss 0.05
Multiple stack-based buffer overflows in Intel Alert Management System (aka AMS or AMS2), as used in Symantec AntiVirus Corporate Edition (SAVCE) 10.x before 10.1 MR10, Symantec System Center (SSC) 10.x, and Symantec Quarantine Server 3.5 and 3.6, allow remote attackers to…
- CVE-2010-3268Dec 22, 2010risk 0.00cvss —epss 0.03
The GetStringAMSHandler function in prgxhndl.dll in hndlrsvc.exe in the Intel Alert Handler service (aka Symantec Intel Handler service) in Intel Alert Management System (AMS), as used in Symantec Antivirus Corporate Edition 10.1.4.4010 on Windows 2000 SP4 and Symantec Endpoint…
- CVE-2010-0106Feb 19, 2010risk 0.00cvss —epss 0.01
The on-demand scanning in Symantec AntiVirus 10.0.x and 10.1.x before MR9, AntiVirus 10.2.x, and Client Security 3.0.x and 3.1.x before MR9, when Tamper protection is disabled, allows remote attackers to cause a denial of service (prevention of on-demand scanning) via "specific…
- CVE-2009-3104Sep 8, 2009risk 0.00cvss —epss 0.02
Unspecified vulnerability in Symantec Norton AntiVirus 2005 through 2008; Norton Internet Security 2005 through 2008; AntiVirus Corporate Edition 9.0 before MR7, 10.0, 10.1 before MR8, and 10.2 before MR3; and Client Security 2.0 before MR7, 3.0, and 3.1 before MR8; when…
- CVE-2009-1432Apr 30, 2009risk 0.00cvss —epss 0.04
Symantec Reporting Server, as used in Symantec AntiVirus (SAV) Corporate Edition 10.1 before 10.1 MR8 and 10.2 before 10.2 MR2, Symantec Client Security (SCS) before 3.1 MR8, and the Symantec Endpoint Protection Manager (SEPM) component in Symantec Endpoint Protection (SEP)…
- CVE-2009-1428Apr 29, 2009risk 0.00cvss —epss 0.02
Multiple cross-site scripting (XSS) vulnerabilities in ccLgView.exe in the Symantec Log Viewer, as used in Symantec AntiVirus (SAV) before 10.1 MR8, Symantec Endpoint Protection (SEP) 11.0 before 11.0 MR1, Norton 360 1.0, and Norton Internet Security 2005 through 2008, allow…
- CVE-2008-5543Dec 12, 2008risk 0.00cvss —epss 0.03
Symantec AntiVirus (SAV) 10, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or…
- CVE-2008-0313Apr 8, 2008risk 0.00cvss —epss 0.04
The ActiveDataInfo.LaunchProcess method in the SymAData.ActiveDataInfo.1 ActiveX control 2.7.0.1 in SYMADATA.DLL in multiple Symantec Norton products including Norton 360 1.0, AntiVirus 2006 through 2008, Internet Security 2006 through 2008, and System Works 2006 through 2008,…
- CVE-2008-0312Apr 8, 2008risk 0.00cvss —epss 0.06
Stack-based buffer overflow in the AutoFix Support Tool ActiveX control 2.7.0.1 in SYMADATA.DLL in multiple Symantec Norton products, including Norton 360 1.0, AntiVirus 2006 through 2008, Internet Security 2006 through 2008, and System Works 2006 through 2008, allows remote…
Page 2 of 5