Symantec AntiVirus Multiple Vulnerabilities (SYM10-002 / SYM10-003 / SYM10-004)

critical Nessus Plugin ID 69956

Synopsis

The remote host contains a program that is affected by multiple vulnerabilities.

Description

The version of Symantec Antivirus Corporate Edition (SAVCE) or Symantec Client Security is potentially affected by multiple vulnerabilities :

- If Symantec Tamper protection is disabled, it is possible to bypass scanning. (CVE-2010-0106)

- A browser-based input validation issue exists in SYMLTCOM.dll that can lead to a buffer overflow.
(CVE-2010-0107)

- A buffer overflow exists in the Symantec Client Proxy, 'CLIproxy.dll'. (CVE-2010-0108)

Solution

Upgrade to Symantec Client Security 3.1 MR9, Symantec AntiVirus 10.1 MR9, Symantec AntiVirus 10.2 MR4 or later.

See Also

http://www.nessus.org/u?040afc65

http://www.nessus.org/u?0737bdb6

http://www.nessus.org/u?bd8f454a

Plugin Details

Severity: Critical

ID: 69956

File Name: savce_sym10-004.nasl

Version: 1.4

Type: local

Agent: windows

Family: Windows

Published: 9/18/2013

Updated: 11/15/2018

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:symantec:antivirus, cpe:/a:symantec:client_security

Required KB Items: Antivirus/SAVCE/version

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2/17/2010

Vulnerability Publication Date: 2/17/2010

Reference Information

CVE: CVE-2010-0106, CVE-2010-0107, CVE-2010-0108

BID: 38217, 38219, 38222

CWE: 119

IAVA: 2010-A-0036