CVE-2010-3497 — Norton Antivirus vulnerability

CWE-2643 documents3 sources

Severity

6.4MEDIUMNVD

EPSS

9.2%

top 7.29%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Symantec Norton Antivirus

Timeline

PublishedAug 22

Latest updateMay 17

Description

Symantec Norton AntiVirus 2011 does not properly interact with the processing of hcp:// URLs by the Microsoft Help and Support Center, which makes it easier for remote attackers to execute arbitrary code via malware that is correctly detected by this product, but with a detection approach that occurs too late to stop the code execution. NOTE: the researcher indicates that a vendor response was received, stating that this issue "falls into the work of our Firewall and not our AV (per our methodol…

CVSS vector

AV:N/AC:L/C:N/I:P/A:PExploitability: 10.0 | Impact: 4.9

Affected Packages1 packages

▶NVDsymantec/norton_antivirus2011

🔴Vulnerability Details

GHSA

GHSA-52mx-3vcf-9vxc: Symantec Norton AntiVirus 2011 does not properly interact with the processing of hcp:// URLs by the Microsoft Help and Support Center, which makes it↗2022-05-17

▶

CVEList

CVE-2010-3497: Symantec Norton AntiVirus 2011 does not properly interact with the processing of hcp:// URLs by the Microsoft Help and Support Center, which makes it↗2012-08-22

▶