CVE-2004-0363 - Stack-based buffer overflow in the SymSpamHelper ActiveX component (symspam.dll) in Norton AntiSpam

CVE-2004-0363

Summary

Stack-based buffer overflow in the SymSpamHelper ActiveX component (symspam.dll) in Norton AntiSpam 2004, as used in Norton Internet Security 2004, allows remote attackers to execute arbitrary code via a long parameter to the LaunchCustomRuleWizard method.

References

Vulnerable Configurations

cpe:2.3:a:symantec:norton_antispam:2004:*:*:*:*:*:*:*
cpe:2.3:a:symantec:norton_antispam:2004:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 11-07-2017 - 01:30)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bid	9916
bugtraq	20040319 Norton AntiSpam Remote Buffer Overrun (#NISR19042004a) 20040319 Ref: NGSSoftware Advisories NISR19042004a and NISR19042004b
cert-vn	VU#344718
confirm	http://www.sarc.com/avcenter/security/Content/2004.03.19.html
misc	http://www.nextgenss.com/advisories/antispam.txt
secunia	11169
xf	nas-launchcustomrulewizard-bo(15536)

saint via4

bid	9916
description	Norton AntiSpam 2004 SymSpamHelper ActiveX control buffer overflow
id	misc_symspam
osvdb	6249
title	norton_antispam_symspam_rulewizard
type	client

Last major update

11-07-2017 - 01:30

Published

15-04-2004 - 04:00

Last modified

11-07-2017 - 01:30