CVE-2010-0107

CWE-119 — Buffer Overflow3 documents3 sources

Severity

9.3CRITICAL

EPSS

27.1%

top 3.62%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Symantec Client Security Symantec Norton 360 Symantec Norton Antivirus +1 more

Timeline

PublishedFeb 23

Latest updateMay 2

Description

Buffer overflow in an ActiveX control (SYMLTCOM.dll) in Symantec N360 1.0 and 2.0; Norton Internet Security, AntiVirus, SystemWorks, and Confidential 2006 through 2008; and Symantec Client Security 3.0.x before 3.1 MR9, and 3.1.x before MR9; allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors. NOTE: this is only a vulnerability if the attacker can "masquerade as an authorized site."

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages4 packages

▶NVDsymantec/norton_internet_security2006, 2007, 2008+2

▶NVDsymantec/client_security20 versions+19

▶NVDsymantec/norton_3601.0, 2.0+1

▶NVDsymantec/norton_antivirus2006, 2007, 2008+2

🔴Vulnerability Details

GHSA

GHSA-r9jq-chpq-69vv: Buffer overflow in an ActiveX control (SYMLTCOM↗2022-05-02

▶

CVEList

CVE-2010-0107: Buffer overflow in an ActiveX control (SYMLTCOM↗2010-02-23

▶