Vulnerability Name:

CVE-2007-3771 (CCN-35354)

Assigned: 2007-07-11
Published: 2007-07-11
Updated: 2017-07-29
Summary: Stack-based buffer overflow in the Internet E-mail Auto-Protect feature in Symantec AntiVirus Corporate Edition before 10.1, and Client Security before 3.1, allows local users to cause a denial of service (service crash) via a long (1) To, (2) From, or (3) Subject header in an outbound SMTP e-mail message.
Note: the original vendor advisory referenced CVE-2006-3456, but this was an error.
CVSS v3 Severity: 4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Exploitability Metrics: Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Low
CVSS v2 Severity: 4.6 Medium (CVSS v2 Vector: AV:L/AC:L/Au:S/C:N/I:N/A:C)
3.4 Low (Temporal CVSS v2 Vector: AV:L/AC:L/Au:S/C:N/I:N/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): Single_Instance
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Complete
2.1 Low (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P)
1.6 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Partial
Vulnerability Type: CWE-Other
Vulnerability Consequences: Denial of Service
References: Source: MITRE
Type: CNA
CVE-2007-3771

Source: OSVDB
Type: UNKNOWN
36115

Source: CCN
Type: SA26036
Symantec Products Internet Email Auto-Protect Stack Overflow

Source: SECUNIA
Type: Patch, Vendor Advisory
26036

Source: CCN
Type: SYM07-016
Symantec Client Security Internet E-mail Auto-Protect Stack Overflow

Source: CONFIRM
Type: UNKNOWN
http://securityresponse.symantec.com/avcenter/security/Content/2007.07.11b.html

Source: CCN
Type: SECTRACK ID: 1018367
Symantec Client Security Buffer Overflow in Realtime E-mail Scanning Lets Local Users Deny Service

Source: SECTRACK
Type: UNKNOWN
1018367

Source: CCN
Type: SECTRACK ID: 1018371
Symantec Client Security Buffer Overflow in Realtime E-mail Scanning Lets Local Users Deny Service

Source: SECTRACK
Type: UNKNOWN
1018371

Source: CCN
Type: OSVDB ID: 35075
Symantec Multiple Products NAVOpts.dll ActiveX Arbitrary Code Execution

Source: CCN
Type: OSVDB ID: 36115
Symantec Multiple Products Internet Email Auto-Protect Outbound E-mail Handling Overflow

Source: BID
Type: UNKNOWN
24802

Source: CCN
Type: BID-24802
Symantec Client Security Internet E-mail Auto-Protect Stack Overflow Vulnerability

Source: VUPEN
Type: UNKNOWN
ADV-2007-2506

Source: XF
Type: UNKNOWN
symantec-antivirus-emailautoprotect-bo(35354)

Vulnerable Configuration: Configuration 1:
  • cpe:/a:symantec:client_security:2.0:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:client_security:3.0:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:client_security:3.0.1.1000:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:client_security:3.0.1.1007:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:client_security:3.0.1.1009:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:client_security:3.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:client_security:3.0.2.2000:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:client_security:3.0.2.2001:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:client_security:3.0.2.2002:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:client_security:3.0.2.2011:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:client_security:3.0.2.2021:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:norton_antivirus:9.0:*:corporate:*:*:*:*:*
  • OR cpe:/a:symantec:norton_antivirus:9.0.0.338:*:corporate:*:*:*:*:*
  • OR cpe:/a:symantec:norton_antivirus:9.0.1:*:corporate:*:*:*:*:*
  • OR cpe:/a:symantec:norton_antivirus:9.0.1.1.1000:*:corporate:*:*:*:*:*
  • OR cpe:/a:symantec:norton_antivirus:9.0.1.1000:*:corporate:*:*:*:*:*
  • OR cpe:/a:symantec:norton_antivirus:9.0.2:*:corporate:*:*:*:*:*
  • OR cpe:/a:symantec:norton_antivirus:9.0.2.1000:*:corporate:*:*:*:*:*
  • OR cpe:/a:symantec:norton_antivirus:9.0.3.1000:*:corporate:*:*:*:*:*
  • OR cpe:/a:symantec:norton_antivirus:9.0.4:*:corporate:*:*:*:*:*
  • OR cpe:/a:symantec:norton_antivirus:9.0.5:*:corporate:*:*:*:*:*
  • OR cpe:/a:symantec:norton_antivirus:9.0.5.1100:*:corporate:*:*:*:*:*
  • OR cpe:/a:symantec:norton_antivirus:10.0:*:corporate:*:*:*:*:*
  • OR cpe:/a:symantec:norton_antivirus:10.0.1.1000:*:corporate:*:*:*:*:*
  • OR cpe:/a:symantec:norton_antivirus:10.0.1.1007:*:corporate:*:*:*:*:*
  • OR cpe:/a:symantec:norton_antivirus:10.0.2.2000:*:corporate:*:*:*:*:*
  • OR cpe:/a:symantec:norton_antivirus:10.0.2.2001:*:corporate:*:*:*:*:*
  • OR cpe:/a:symantec:norton_antivirus:10.0.2.2002:*:corporate:*:*:*:*:*
  • OR cpe:/a:symantec:norton_antivirus:10.0.2.2010:*:corporate:*:*:*:*:*
  • OR cpe:/a:symantec:norton_antivirus:10.0.2.2011:*:corporate:*:*:*:*:*
  • OR cpe:/a:symantec:norton_antivirus:10.0.2.2020:*:corporate:*:*:*:*:*
  • OR cpe:/a:symantec:norton_antivirus:10.0.2.2021:*:corporate:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:symantec:client_security:2.0::scf_7.1:*:*:*:*:*
  • OR cpe:/a:symantec:client_security:3.0:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:client_security:3.0.1.1000:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:client_security:3.0.1.1007:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:client_security:3.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:client_security:3.0.2.2000:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:client_security:3.0.2.2001:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:client_security:3.0.2.2002:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:client_security:3.0.2.2011:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:client_security:3.0.2.2021:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:antivirus:10.0::corporate:*:*:*:*:*
  • OR cpe:/a:symantec:antivirus:9.0:-:corporate:*:*:*:*:*
  • OR cpe:/a:symantec:client_security:3.0.1.1009:*:*:*:*:*:*:*

* Denotes that component is vulnerable
    symantec client security 2.0
    symantec client security 3.0
    symantec client security 3.0.1.1000
    symantec client security 3.0.1.1007
    symantec client security 3.0.1.1009
    symantec client security 3.0.2
    symantec client security 3.0.2.2000
    symantec client security 3.0.2.2001
    symantec client security 3.0.2.2002
    symantec client security 3.0.2.2011
    symantec client security 3.0.2.2021
    symantec norton antivirus 9.0
    symantec norton antivirus 9.0.0.338
    symantec norton antivirus 9.0.1
    symantec norton antivirus 9.0.1.1.1000
    symantec norton antivirus 9.0.1.1000
    symantec norton antivirus 9.0.2
    symantec norton antivirus 9.0.2.1000
    symantec norton antivirus 9.0.3.1000
    symantec norton antivirus 9.0.4
    symantec norton antivirus 9.0.5
    symantec norton antivirus 9.0.5.1100
    symantec norton antivirus 10.0
    symantec norton antivirus 10.0.1.1000
    symantec norton antivirus 10.0.1.1007
    symantec norton antivirus 10.0.2.2000
    symantec norton antivirus 10.0.2.2001
    symantec norton antivirus 10.0.2.2002
    symantec norton antivirus 10.0.2.2010
    symantec norton antivirus 10.0.2.2011
    symantec norton antivirus 10.0.2.2020
    symantec norton antivirus 10.0.2.2021
    symantec client security 2.0
    symantec client security 3.0
    symantec client security 3.0.1.1000
    symantec client security 3.0.1.1007
    symantec client security 3.0.2
    symantec client security 3.0.2.2000
    symantec client security 3.0.2.2001
    symantec client security 3.0.2.2002
    symantec client security 3.0.2.2011
    symantec client security 3.0.2.2021
    symantec antivirus 10.0
    symantec antivirus 9.0 -
    symantec client security 3.0.1.1009