Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2004-0375

4 documents4 sources

Severity

5.0MEDIUM

EPSS

11.0%

top 6.57%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Symantec Client Firewall Symantec Client Security Symantec Norton Internet Security +1 more

Timeline

PublishedAug 18

Latest updateApr 29

Description

SYMNDIS.SYS in Symantec Norton Internet Security 2003 and 2004, Norton Personal Firewall 2003 and 2004, Client Firewall 5.01 and 5.1.1, and Client Security 1.0 and 1.1 allow remote attackers to cause a denial of service (infinite loop) via a TCP packet with (1) SACK option or (2) Alternate Checksum Data option followed by a length of zero.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages4 packages

▶NVDsymantec/norton_internet_security2003, 2004+1

▶NVDsymantec/norton_personal_firewall2003, 2004+1

▶NVDsymantec/client_firewall5.01, 5.1.1+1

▶NVDsymantec/client_security1.0, 1.1+1

🔴Vulnerability Details

GHSA

GHSA-pg4x-f3qp-5vxc: SYMNDIS↗2022-04-29

▶

CVEList

CVE-2004-0375: SYMNDIS↗2004-05-05

▶

💥Exploits & PoCs

Exploit-DB

Symantec Client Firewall Products 5 - 'SYMNDIS.SYS' Driver Remote Denial of Service↗2004-03-18

▶