Vulnerability Name:
CVE-2004-2147 (CCN-22235)
Assigned:
2004-09-25
Published:
2004-09-25
Updated:
2008-09-05
Summary:
Unknown versions of Symantec Norton AntiVirus and Microsoft Outlook allow attackers to cause a denial of service (crash) via malformed e-mail messages (1) without a body or (2) without a carriage return ("\n") separating the headers from the body.
CVSS v3 Severity:
5.3 Medium
(CCN CVSS v3.1 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
)
Exploitability Metrics:
Attack Vector (AV):
Network
Attack Complexity (AC):
Low
Privileges Required (PR):
None
User Interaction (UI):
None
Scope:
Scope (S):
Unchanged
Impact Metrics:
Confidentiality (C):
None
Integrity (I):
None
Availibility (A):
Low
CVSS v2 Severity:
5.0 Medium
(CVSS v2 Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P
)
3.8 Low
(Temporal CVSS v2 Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:U/RC:UC
)
Exploitability Metrics:
Access Vector (AV):
Network
Access Complexity (AC):
Low
Authentication (Au):
None
Impact Metrics:
Confidentiality (C):
None
Integrity (I):
None
Availibility (A):
Partial
5.0 Medium
(CCN CVSS v2 Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P
)
3.8 Low
(CCN Temporal CVSS v2 Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:U/RC:UC
)
Exploitability Metrics:
Access Vector (AV):
Network
Access Complexity (AC):
Low
Athentication (Au):
None
Impact Metrics:
Confidentiality (C):
None
Integrity (I):
None
Availibility (A):
Partial
Vulnerability Type:
CWE-Other
Vulnerability Consequences:
Denial of Service
References:
Source: CCN
Type: VulnDev Mailing List, Sat Sep 25 2004 - 17:29:30 CDT
No body emails and Norton antivirus
Source: MITRE
Type: CNA
CVE-2004-2147
Source: CCN
Type: Symantec Web site
Symantec - LiveUpdate files
Source: CCN
Type: OSVDB ID: 45007
Symantec Norton Anti-Virus E-mail Message Malformed Header / Body Separation Remote DoS
Source: CCN
Type: OSVDB ID: 45008
Microsoft Outlook E-mail Message Malformed Header / Body Separation Remote DoS
Source: VULN-DEV
Type: Vendor Advisory
20040925 No body emails and Norton antivirus
Source: BID
Type: UNKNOWN
11259
Source: CCN
Type: BID-11259
Symantec Norton AntiVirus Malformed EMail Denial Of Service Vulnerability
Source: XF
Type: UNKNOWN
norton-message-body-dos(22235)
Vulnerable Configuration:
Configuration 1
:
cpe:/a:symantec:norton_antivirus:2.1:*:ms_exchange:*:*:*:*:*
OR
cpe:/a:symantec:norton_antivirus:2001:*:*:*:*:*:*:*
OR
cpe:/a:symantec:norton_antivirus:2002:*:*:*:*:*:*:*
OR
cpe:/a:symantec:norton_antivirus:2003:*:*:*:*:*:*:*
OR
cpe:/a:symantec:norton_antivirus:corporate_7.0:*:*:*:*:*:*:*
OR
cpe:/a:symantec:norton_antivirus:corporate_7.2:*:*:*:*:*:*:*
OR
cpe:/a:symantec:norton_antivirus:corporate_7.5:*:*:*:*:*:*:*
OR
cpe:/a:symantec:norton_antivirus:corporate_7.6:*:*:*:*:*:*:*
OR
cpe:/a:symantec:norton_antivirus:corporate_7.51:*:*:*:*:*:*:*
OR
cpe:/a:symantec:norton_antivirus:corporate_7.60.build_926:*:*:*:*:*:*:*
OR
cpe:/a:symantec:norton_antivirus:corporate_7.61:*:*:*:*:*:*:*
OR
cpe:/a:symantec:norton_antivirus:corporate_8.0:*:*:*:*:*:*:*
OR
cpe:/a:symantec:norton_antivirus:professional_2001:*:*:*:*:*:*:*
OR
cpe:/a:symantec:norton_antivirus:professional_2002:*:*:*:*:*:*:*
OR
cpe:/a:symantec:norton_antivirus:professional_2003:*:*:*:*:*:*:*
OR
cpe:/a:symantec:norton_antivirus:professional_2004:*:*:*:*:*:*:*
Configuration CCN 1
:
cpe:/a:symantec:norton_antivirus:2001:*:*:*:*:*:*:*
OR
cpe:/a:symantec:norton_antivirus:2002:*:*:*:*:*:*:*
OR
cpe:/a:symantec:norton_antivirus:2003:*:*:*:*:*:*:*
OR
cpe:/a:symantec:norton_antivirus:2004::professional:*:*:*:*:*
OR
cpe:/a:symantec:norton_antivirus:8.0::corporate:*:*:*:*:*
OR
cpe:/a:symantec:norton_antivirus:2003::professional:*:*:*:*:*
AND
cpe:/a:microsoft:outlook:*:*:*:*:*:*:*:*
Denotes that component is vulnerable
BACK
symantec
norton antivirus 2.1
symantec
norton antivirus 2001
symantec
norton antivirus 2002
symantec
norton antivirus 2003
symantec
norton antivirus corporate_7.0
symantec
norton antivirus corporate_7.2
symantec
norton antivirus corporate_7.5
symantec
norton antivirus corporate_7.6
symantec
norton antivirus corporate_7.51
symantec
norton antivirus corporate_7.60.build_926
symantec
norton antivirus corporate_7.61
symantec
norton antivirus corporate_8.0
symantec
norton antivirus professional_2001
symantec
norton antivirus professional_2002
symantec
norton antivirus professional_2003
symantec
norton antivirus professional_2004
symantec
norton antivirus 2001
symantec
norton antivirus 2002
symantec
norton antivirus 2003
symantec
norton antivirus 2004
symantec
norton antivirus 8.0
symantec
norton antivirus 2003
microsoft
outlook *