CVE-2008-0312

CVSS V2 High 9.3 CVSS V3 None
Description
Stack-based buffer overflow in the AutoFix Support Tool ActiveX control 2.7.0.1 in SYMADATA.DLL in multiple Symantec Norton products, including Norton 360 1.0, AntiVirus 2006 through 2008, Internet Security 2006 through 2008, and System Works 2006 through 2008, allows remote attackers to execute arbitrary code via a long argument to the GetEventLogInfo method. NOTE: some of these details are obtained from third party information.
Overview
  • CVE ID
  • CVE-2008-0312
  • Assigner
  • cve@mitre.org
  • Vulnerability Status
  • Modified
  • Published Version
  • 2008-04-08T17:05:00
  • Last Modified Date
  • 2017-08-08T01:29:28
Weakness Enumerations
CWE URL
CWE-119 http://cwe.mitre.org/data/definitions/119.html
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
AND
cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:* 0 OR
cpe:2.3:a:symantec:norton_360:1.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:symantec:norton_antivirus:2006:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:symantec:norton_antivirus:2007:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:symantec:norton_antivirus:2008:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:symantec:norton_internet_security:2006:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:symantec:norton_internet_security:2007:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:symantec:norton_internet_security:2008:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:symantec:norton_system_works:2006:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:symantec:norton_system_works:2007:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:symantec:norton_system_works:2008:*:*:*:*:*:*:* 1 OR
CVSS Version 2
  • Version
  • 2.0
  • Vector String
  • AV:N/AC:M/Au:N/C:C/I:C/A:C
  • Access Vector
  • NETWORK
  • Access Compatibility
  • MEDIUM
  • Authentication
  • NONE
  • Confidentiality Impact
  • COMPLETE
  • Integrity Impact
  • COMPLETE
  • Availability Impact
  • COMPLETE
  • Base Score
  • 9.3
  • Severity
  • HIGH
  • Exploitability Score
  • 8.6
  • Impact Score
  • 10
References
Reference URL Reference Tags
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=677
http://securityresponse.symantec.com/avcenter/security/Content/2008.04.02a.html Patch
http://www.securityfocus.com/bid/28507 Patch
http://www.securitytracker.com/id?1019751 Patch
http://www.securitytracker.com/id?1019752 Patch
http://www.securitytracker.com/id?1019753 Patch
http://secunia.com/advisories/29660 Patch Vendor Advisory
http://www.vupen.com/english/advisories/2008/1077/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/41629
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2008-0312
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0312
History
Created Old Value New Value Data Type Notes
2022-05-10 09:09:09 Added to TrackCVE