Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2010-0108

CWE-119 — Buffer Overflow5 documents4 sources

Severity

10.0CRITICAL

EPSS

13.2%

top 5.87%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Symantec Antivirus Symantec Client Security Symantec Endpoint Protection

Timeline

PublishedFeb 19

Latest updateMay 2

Description

Buffer overflow in the cliproxy.objects.1 ActiveX control in the Symantec Client Proxy (CLIproxy.dll) in Symantec AntiVirus 10.0.x, 10.1.x before MR9, and 10.2.x before MR4; and Symantec Client Security 3.0.x and 3.1.x before MR9 allows remote attackers to execute arbitrary code via a long argument to the SetRemoteComputerName function.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages3 packages

▶NVDsymantec/client_security18 versions+17

▶NVDsymantec/antivirus23 versions+22

▶NVDsymantec/endpoint_protection11.0

🔴Vulnerability Details

GHSA

GHSA-4w3v-xg6m-mghp: Buffer overflow in the cliproxy↗2022-05-02

▶

CVEList

CVE-2010-0108: Buffer overflow in the cliproxy↗2010-02-19

▶

💥Exploits & PoCs

Exploit-DB

Microsoft Office Groove 2007 - 'mso.dll' DLL Hijacking↗2010-08-25

▶

Exploit-DB

Symantec (Multiple Products) - Client Proxy ActiveX 'CLIproxy.dll' Remote Overflow↗2010-02-17

▶