Symantec Norton Internet Security vulnerabilities

CVE-2006-1836 [MEDIUM] CVE-2006-1836: Untrusted search path vulnerability in unspecified components in Symantec LiveUpdate for Macintosh 3 Untrusted search path vulnerability in unspecified components in Symantec LiveUpdate for Macintosh 3.0.0 through 3.5.0 do not set the execution path, which allows local users to gain privileges via a Trojan horse program.

CVE-2005-0922 [MEDIUM] CVE-2005-0922: Unknown vulnerability in the Auto-Protect module in Symantec Norton AntiVirus 2004 and 2005, as also Unknown vulnerability in the Auto-Protect module in Symantec Norton AntiVirus 2004 and 2005, as also used in Internet Security 2004/2005 and System Works 2004/2005, allows attackers to cause a denial of service (system hang or crash) by triggering a scan of a certain file type.

CVE-2005-1346 [LOW] CVE-2005-1346: Multiple Symantec AntiVirus products, including Norton AntiVirus 2005 11.0.0, Web Security Web Secur Multiple Symantec AntiVirus products, including Norton AntiVirus 2005 11.0.0, Web Security Web Security 3.0.1.72, Mail Security for SMTP 4.0.5.66, AntiVirus Scan Engine 4.3.7.27, SAV/Filter for Domino NT 3.1.1.87, and Mail Security for Exchange 4.5.4.743, when running on Windows, allows remote attackers to cause a denial of service (component crash) and avoid de

CVE-2005-0923 [LOW] CVE-2005-0923: The SmartScan feature in the Auto-Protect module for Symantec Norton AntiVirus 2004 and 2005, as als The SmartScan feature in the Auto-Protect module for Symantec Norton AntiVirus 2004 and 2005, as also used in Internet Security 2004/2005 and System Works 2004/2005, allows attackers to cause a denial of service (CPU consumption and system crash) by renaming a file on a network share.

CVE-2005-0249 [HIGH] CVE-2005-0249: Heap-based buffer overflow in the DEC2EXE module for Symantec AntiVirus Library allows remote attack Heap-based buffer overflow in the DEC2EXE module for Symantec AntiVirus Library allows remote attackers to execute arbitrary code via a UPX compressed file containing a negative virtual offset to a crafted PE header.

CVE-2004-0375 [MEDIUM] CVE-2004-0375: SYMNDIS.SYS in Symantec Norton Internet Security 2003 and 2004, Norton Personal Firewall 2003 and 20 SYMNDIS.SYS in Symantec Norton Internet Security 2003 and 2004, Norton Personal Firewall 2003 and 2004, Client Firewall 5.01 and 5.1.1, and Client Security 1.0 and 1.1 allow remote attackers to cause a denial of service (infinite loop) via a TCP packet with (1) SACK option or (2) Alternate Checksum Data option followed by a length of zero.

CVE-2004-0444 [CRITICAL] CVE-2004-0444: Multiple vulnerabilities in SYMDNS.SYS for Symantec Norton Internet Security and Professional 2002 t Multiple vulnerabilities in SYMDNS.SYS for Symantec Norton Internet Security and Professional 2002 through 2004, Norton Personal Firewall 2002 through 2004, Norton AntiSpam 2004, Client Firewall 5.01 and 5.1.1, and Client Security 1.0 through 2.0 allow remote attackers to cause a denial of service or execute arbitrary code via (1) a manipulated length byte

CVE-2004-0445 [LOW] CVE-2004-0445: The SYMDNS.SYS driver in Symantec Norton Internet Security and Professional 2002 through 2004, Norto The SYMDNS.SYS driver in Symantec Norton Internet Security and Professional 2002 through 2004, Norton Personal Firewall 2002 through 2004, Norton AntiSpam 2004, Client Firewall 5.01 and 5.1.1, and Client Security 1.0 through 2.0 allows remote attackers to cause a denial of service (CPU consumption from infinite loop) via a DNS response with a compressed name poi

CVE-2004-0364 [HIGH] CVE-2004-0364: The WrapNISUM ActiveX component (WrapUM.dll) in Norton Internet Security 2004 is marked safe for scr The WrapNISUM ActiveX component (WrapUM.dll) in Norton Internet Security 2004 is marked safe for scripting, which allows remote attackers to execute arbitrary programs via the LaunchURL method.

CVE-2003-0994 [HIGH] CVE-2003-0994: The GUI functionality for an interactive session in Symantec LiveUpdate 1.70.x through 1.90.x, as us The GUI functionality for an interactive session in Symantec LiveUpdate 1.70.x through 1.90.x, as used in Norton Internet Security 2001 through 2004, SystemWorks 2001 through 2004, and AntiVirus and Norton AntiVirus Pro 2001 through 2004, AntiVirus for Handhelds v3.0, allows local users to gain SYSTEM privileges.

CVE-2003-1149 [MEDIUM] CVE-2003-1149: Cross-site scripting (XSS) vulnerability in Symantec Norton Internet Security 2003 6.0.4.34 allows r Cross-site scripting (XSS) vulnerability in Symantec Norton Internet Security 2003 6.0.4.34 allows remote attackers to inject arbitrary web script or HTML via a URL to a blocked site, which is displayed on the blocked sites error page.

CVE-2002-1695 [MEDIUM] CVE-2002-1695: Norton Internet Security 2001 opens log files with FILE_SHARE_READ and FILE_SHARE_WRITE permissions, Norton Internet Security 2001 opens log files with FILE_SHARE_READ and FILE_SHARE_WRITE permissions, which could allow remote attackers to modify the log file contents while Norton Internet Security is running.

CVE-2002-0663 [HIGH] CVE-2002-0663: Buffer overflow in HTTP Proxy for Symantec Norton Personal Internet Firewall 3.0.4.91 and Norton Int Buffer overflow in HTTP Proxy for Symantec Norton Personal Internet Firewall 3.0.4.91 and Norton Internet Security 2001 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large outgoing HTTP request.