CVE-2001-1099Unrestricted File Upload in Norton Antivirus

CWE-434Unrestricted File Upload3 documents3 sources
Severity
5.0MEDIUMNVD
EPSS
2.8%
top 13.81%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Symantec Norton Antivirus
Timeline
PublishedSep 7
Latest updateApr 30

Description

The default configuration of Norton AntiVirus for Microsoft Exchange 2000 2.x allows remote attackers to identify the recipient's INBOX file path by sending an email with an attachment containing malicious content, which includes the path in the rejection notice.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-736q-94f7-6gfq: The default configuration of Norton AntiVirus for Microsoft Exchange 2000 22022-04-30
CVEList
CVE-2001-1099: The default configuration of Norton AntiVirus for Microsoft Exchange 2000 22002-06-25
CVE-2001-1099 — Unrestricted File Upload in Symantec | cvebase