1. CVE-Search
  2. CVE-2008-0308
ID CVE-2008-0308
Summary Symantec Decomposer, as used in certain Symantec antivirus products including Symantec Scan Engine 5.1.2 and other versions before 5.1.6.31, allows remote attackers to cause a denial of service (memory consumption) via a malformed RAR file to the Internet Content Adaptation Protocol (ICAP) port (1344/tcp).
References
Vulnerable Configurations
  • cpe:2.3:a:symantec:scan_engine:-:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:scan_engine:-:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:symantec_antivirus_clearswift:*:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:symantec_antivirus_clearswift:*:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:symantec_antivirus_filtering_domino_mpe:*:*:aix:*:*:*:*:*
    cpe:2.3:a:symantec:symantec_antivirus_filtering_domino_mpe:*:*:aix:*:*:*:*:*
  • cpe:2.3:a:symantec:symantec_antivirus_filtering_domino_mpe:*:*:linux:*:*:*:*:*
    cpe:2.3:a:symantec:symantec_antivirus_filtering_domino_mpe:*:*:linux:*:*:*:*:*
  • cpe:2.3:a:symantec:symantec_antivirus_filtering_domino_mpe:*:*:solaris:*:*:*:*:*
    cpe:2.3:a:symantec:symantec_antivirus_filtering_domino_mpe:*:*:solaris:*:*:*:*:*
  • cpe:2.3:a:symantec:symantec_antivirus_messaging:*:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:symantec_antivirus_messaging:*:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:symantec_antivirus_microsoft_sharepoint:*:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:symantec_antivirus_microsoft_sharepoint:*:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:symantec_antivirus_ms_isa:*:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:symantec_antivirus_ms_isa:*:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:symantec_antivirus_network_attached_storage:*:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:symantec_antivirus_network_attached_storage:*:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:symantec_antivirus_scan_engine:*:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:symantec_antivirus_scan_engine:*:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:symantec_antivirus_scan_engine_caching:*:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:symantec_antivirus_scan_engine_caching:*:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:symantec_mail_security_exchange:*:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:symantec_mail_security_exchange:*:*:*:*:*:*:*:*
CVSS
Base: 7.1 (as of 08-03-2011 - 03:04)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE COMPLETE
cvss-vector via4 AV:N/AC:M/Au:N/C:N/I:N/A:C
refmap via4
bid 27911
confirm http://www.symantec.com/avcenter/security/Content/2008.02.27.html
idefense 20080226 Symantec Scan Engine 5.1.2 RAR File Denial of Service Vulnerability
sectrack 1019503
secunia 29140
vupen ADV-2008-0680
Last major update 08-03-2011 - 03:04
Published 28-02-2008 - 20:44
Last modified 08-03-2011 - 03:04
Back to Top