CERTA-2010-AVI-111
Vulnerability from certfr_avis

Une vulnérabilité dans un module tiers intégré dans certains produits Symantec, et concernant le traitement des documents utilisant la technologie OLE a été corrigée, et le module a été mis à jour.

Description

Une vulnérabilité dans le module tiers Autonomy KeyView Filter, intégré dans certains produits Symantec, et concernant le traitement des documents utilisant la technologie OLE, a été corrigée. La version à jour du module a été intégrée dans les dernières versions des produits Symantec.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None
Impacted products
Vendor Product Description
Symantec N/A Symantec Data Loss Prevention Enforce/Detection Servers for Windows 8.1.1, 9.x, 10.0;
Symantec N/A Symantec IM Manager 2007 8.x.
Symantec N/A Symantec Data Loss Prevention Endpoint Agents 9.x ;
Symantec N/A Symantec Mail Security for SMTP (EOL) 5.0.x ;
Symantec N/A Symantec Data Loss Prevention Endpoint Agents 10.0 ;
Symantec N/A Symantec Mail Security for Domino 8.0.2, 8.0.1, 8.0, 7.5.8, 7.5.7, 7.5.6, 7.5.5.32, 7.5.4.29, 7.5.3.25 ;
Symantec N/A Symantec Data Loss Prevention Enforce/Detection Servers for Linux 8.1.1, 9.x, 10.0;
Symantec N/A Symantec Data Loss Prevention Enforce/Detection Servers 7.2 ;
Symantec N/A Symantec Data Loss Prevention Endpoint Agents 8.1.1 ;
Symantec N/A Symantec Mail Security for Microsoft Exchange 6.0.9, 6.0.8, 6.0.7, 6.0.6, 5.0.13, 5.0.12, 5.0.11, 5.0.10 ;
Symantec N/A Symantec BrightMail Gateway 8.0.0, 8.0.1, 8.0.2 ;
References

Show details on source website

To clipboard 

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Symantec Data Loss Prevention Enforce/Detection Servers for Windows 8.1.1, 9.x, 10.0;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Symantec",
          "scada": false
        }
      }
    },
    {
      "description": "Symantec IM Manager 2007 8.x.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Symantec",
          "scada": false
        }
      }
    },
    {
      "description": "Symantec Data Loss Prevention Endpoint Agents 9.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Symantec",
          "scada": false
        }
      }
    },
    {
      "description": "Symantec Mail Security for SMTP (EOL) 5.0.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Symantec",
          "scada": false
        }
      }
    },
    {
      "description": "Symantec Data Loss Prevention Endpoint Agents 10.0 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Symantec",
          "scada": false
        }
      }
    },
    {
      "description": "Symantec Mail Security for Domino 8.0.2, 8.0.1, 8.0, 7.5.8, 7.5.7, 7.5.6, 7.5.5.32, 7.5.4.29, 7.5.3.25 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Symantec",
          "scada": false
        }
      }
    },
    {
      "description": "Symantec Data Loss Prevention Enforce/Detection Servers for Linux 8.1.1, 9.x, 10.0;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Symantec",
          "scada": false
        }
      }
    },
    {
      "description": "Symantec Data Loss Prevention Enforce/Detection Servers 7.2 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Symantec",
          "scada": false
        }
      }
    },
    {
      "description": "Symantec Data Loss Prevention Endpoint Agents 8.1.1 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Symantec",
          "scada": false
        }
      }
    },
    {
      "description": "Symantec Mail Security for Microsoft Exchange 6.0.9, 6.0.8, 6.0.7, 6.0.6, 5.0.13, 5.0.12, 5.0.11, 5.0.10 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Symantec",
          "scada": false
        }
      }
    },
    {
      "description": "Symantec BrightMail Gateway 8.0.0, 8.0.1, 8.0.2 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Symantec",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 dans le module tiers Autonomy KeyView Filter, int\u00e9gr\u00e9\ndans certains produits Symantec, et concernant le traitement des\ndocuments utilisant la technologie OLE, a \u00e9t\u00e9 corrig\u00e9e. La version \u00e0\njour du module a \u00e9t\u00e9 int\u00e9gr\u00e9e dans les derni\u00e8res versions des produits\nSymantec.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2009-3032",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3032"
    }
  ],
  "initial_release_date": "2010-03-05T00:00:00",
  "last_revision_date": "2010-03-05T00:00:00",
  "links": [],
  "reference": "CERTA-2010-AVI-111",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2010-03-05T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 dans un module tiers int\u00e9gr\u00e9 dans certains produits\nSymantec, et concernant le traitement des documents utilisant la\ntechnologie OLE a \u00e9t\u00e9 corrig\u00e9e, et le module a \u00e9t\u00e9 mis \u00e0 jour.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans des produits Symantec",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Symantec SYM10-006 du 04 mars 2010",
      "url": "http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisoryi\u0026suid=2010304_00"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.