CVE-2007-3771

3 documents3 sources
Severity
4.6MEDIUM
EPSS
0.1%
top 82.68%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Symantec Client SecuritySymantec Norton Antivirus
Timeline
PublishedJul 15
Latest updateMay 1

Description

Stack-based buffer overflow in the Internet E-mail Auto-Protect feature in Symantec AntiVirus Corporate Edition before 10.1, and Client Security before 3.1, allows local users to cause a denial of service (service crash) via a long (1) To, (2) From, or (3) Subject header in an outbound SMTP e-mail message. NOTE: the original vendor advisory referenced CVE-2006-3456, but this was an error.

CVSS vector

AV:L/AC:L/C:N/I:N/A:CExploitability: 3.1 | Impact: 6.9

Affected Packages2 packages

NVDsymantec/client_security11 versions+10
NVDsymantec/norton_antivirus21 versions+20

Patches

Patch: secunia.comPatch: secunia.com

🔴Vulnerability Details

2
GHSA
GHSA-f844-8gxq-37w7: Stack-based buffer overflow in the Internet E-mail Auto-Protect feature in Symantec AntiVirus Corporate Edition before 102022-05-01
CVEList
CVE-2007-3771: Stack-based buffer overflow in the Internet E-mail Auto-Protect feature in Symantec AntiVirus Corporate Edition before 102007-07-15
CVE-2007-3771 (MEDIUM CVSS 4.6) | Stack-based buffer overflow in the | cvebase.io