1. CVE-Search
  2. CVE-2008-0313
ID CVE-2008-0313
Summary The ActiveDataInfo.LaunchProcess method in the SymAData.ActiveDataInfo.1 ActiveX control 2.7.0.1 in SYMADATA.DLL in multiple Symantec Norton products including Norton 360 1.0, AntiVirus 2006 through 2008, Internet Security 2006 through 2008, and System Works 2006 through 2008, does not properly determine the location of the AutoFix Tool, which allows remote attackers to execute arbitrary code via a remote (1) WebDAV or (2) SMB share.
References
Vulnerable Configurations
  • cpe:2.3:a:symantec:norton_360:1.0:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:norton_360:1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:norton_antivirus:2006:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:norton_antivirus:2006:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:norton_antivirus:2007:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:norton_antivirus:2007:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:norton_antivirus:2008:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:norton_antivirus:2008:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:norton_internet_security:2006:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:norton_internet_security:2006:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:norton_internet_security:2007:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:norton_internet_security:2007:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:norton_internet_security:2008:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:norton_internet_security:2008:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:system_works:2006:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:system_works:2006:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:system_works:2007:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:system_works:2007:*:*:*:*:*:*:*
  • cpe:2.3:a:symantec:system_works:2008:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:system_works:2008:*:*:*:*:*:*:*
CVSS
Base: 6.8 (as of 08-08-2017 - 01:29)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:P/A:P
refmap via4
bid 28509
confirm http://securityresponse.symantec.com/avcenter/security/Content/2008.04.02a.html
idefense 20080402 Symantec Internet Security 2008 ActiveDataInfo.LaunchProcess Design Error Vulnerability
sectrack
  • 1019751
  • 1019752
  • 1019753
secunia 29660
vupen ADV-2008-1077
xf symantec-autofixtool-code-execution(41631)
Last major update 08-08-2017 - 01:29
Published 08-04-2008 - 17:05
Last modified 08-08-2017 - 01:29
Back to Top