CVE-2007-0447

CWE-119 — Buffer Overflow3 documents3 sources

Severity

9.3CRITICAL

EPSS

10.8%

top 6.63%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Symantec Antivirus Scan Engine Symantec Brightmail Antispam Symantec Client Security +9 more

Timeline

PublishedOct 5

Latest updateMay 1

Description

Heap-based buffer overflow in the Decomposer component in multiple Symantec products allows remote attackers to execute arbitrary code via multiple crafted CAB archives.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages12 packages

▶NVDsymantec/web_security16 versions+15

▶NVDsymantec/mail_security16 versions+15

▶NVDsymantec/client_security25 versions+24

▶NVDsymantec/norton_antivirus38 versions+37

▶NVDsymantec/brightmail_antispam7 versions+6

Patches

Patch: securityresponse.symantec.com ↗Patch: securityresponse.symantec.com ↗

🔴Vulnerability Details

GHSA

GHSA-cc6v-894q-7f8q: Heap-based buffer overflow in the Decomposer component in multiple Symantec products allows remote attackers to execute arbitrary code via multiple cr↗2022-05-01

▶

CVEList

CVE-2007-0447: Heap-based buffer overflow in the Decomposer component in multiple Symantec products allows remote attackers to execute arbitrary code via multiple cr↗2007-10-05

▶