Symantec Enterprise Vault < 10.0.2 Multiple Vulnerabilities in Oracle Outside-In Libraries (SYM12-015)

low Nessus Plugin ID 62458

Synopsis

An archiving application installed on the remote host has multiple vulnerabilities.

Description

The version of Symantec Enterprise Vault installed on the remote host uses a version of the Oracle Outside-In libraries that contains multiple vulnerabilities. A remote attacker could send an email with a malicious attachment to be downloaded and stored in a user's mail box until processed for archiving thus potentially resulting in a denial of service in the application or allow arbitrary code execution.

Solution

Upgrade to Symantec Enterprise Vault version 10.0.2 or later.

See Also

http://www.nessus.org/u?07dc310c

http://www.nessus.org/u?ea261c73

Plugin Details

Severity: Low

ID: 62458

File Name: symantec_enterprise_vault_sym12-015.nasl

Version: 1.15

Type: local

Agent: windows

Family: Windows

Published: 10/9/2012

Updated: 12/4/2019

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.5

CVSS v2

Risk Factor: Low

Base Score: 2.1

Temporal Score: 1.8

Vector: CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P

CVSS Score Source: CVE-2012-3110

Vulnerability Information

CPE: x-cpe:/a:symantec:enterprise_vault

Required KB Items: SMB/enterprise_vault/path, SMB/enterprise_vault/ver

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 9/28/2012

Vulnerability Publication Date: 4/20/2012

Exploitable With

ExploitHub (EH-12-497)

Reference Information

CVE: CVE-2012-1766, CVE-2012-1767, CVE-2012-1768, CVE-2012-1769, CVE-2012-1770, CVE-2012-1771, CVE-2012-1772, CVE-2012-1773, CVE-2012-3106, CVE-2012-3107, CVE-2012-3108, CVE-2012-3109, CVE-2012-3110

BID: 54497, 54500, 54504, 54506, 54511, 54531, 54536, 54541, 54543, 54546, 54548, 54550, 54554

CERT: 118913