Vulnerability Name:

CVE-2010-0107 (CCN-56357)

Assigned: 2009-12-31
Published: 2010-02-17
Updated: 2018-10-10
Summary: Buffer overflow in an ActiveX control (SYMLTCOM.dll) in Symantec N360 1.0 and 2.0; Norton Internet Security, AntiVirus, SystemWorks, and Confidential 2006 through 2008; and Symantec Client Security 3.0.x before 3.1 MR9, and 3.1.x before MR9; allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors.
Note: this is only a vulnerability if the attacker can "masquerade as an authorized site."
CVSS v3 Severity: 10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:
Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:
Scope (S): Changed
Impact Metrics:
Confidentiality (C): High
Integrity (I): High
Availability (A): High
CVSS v2 Severity: 9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
6.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:
Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:
Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
9.3 High (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
6.9 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:
Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:
Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
Vulnerability Type: CWE-119
Vulnerability Consequences: Gain Access
References:
Source: MITRE
Type: CNA
CVE-2010-0107

Source: OSVDB
Type: UNKNOWN
62412

Source: CCN
Type: SA38654
Symantec Products "SYMLTCOM.dll" ActiveX Control Buffer Overflow

Source: SECUNIA
Type: Vendor Advisory
38654

Source: CCN
Type: SECTRACK ID: 1023628
Norton Internet Security Buffer Overflow in SYMLTCOM.dll ActiveX Control Lets Remote Users Execute Arbitrary Code in Certain Limited Cases

Source: CCN
Type: SECTRACK ID: 1023629
Norton Anti-Virus Buffer Overflow in SYMLTCOM.dll ActiveX Control Lets Remote Users Execute Arbitrary Code in Certain Limited Cases

Source: CCN
Type: SECTRACK ID: 1023630
Norton System Works Buffer Overflow in SYMLTCOM.dll ActiveX Control Lets Remote Users Execute Arbitrary Code in Certain Limited Cases

Source: CCN
Type: SECTRACK ID: 1023631
Symantec Client Security Buffer Overflow in SYMLTCOM.dll ActiveX Control Lets Remote Users Execute Arbitrary Code in Certain Limited Cases

Source: CCN
Type: OSVDB ID: 62412
Symantec Multiple Products SYMLTCOM.dll ActiveX Remote Overflow

Source: BUGTRAQ
Type: UNKNOWN
20100224 VUPEN Security Research - Symantec Products "SYMLTCOM.dll" Buffer Overflow Vulnerability

Source: BID
Type: UNKNOWN
38217

Source: CCN
Type: BID-38217
Multiple Symantec Products 'SYMLTCOM.dll' ActiveX Stack Buffer Overflow Vulnerability

Source: SECTRACK
Type: UNKNOWN
1023628

Source: SECTRACK
Type: UNKNOWN
1023629

Source: SECTRACK
Type: UNKNOWN
1023630

Source: SECTRACK
Type: UNKNOWN
1023631

Source: CCN
Type: SYM10-003
Input validation errors in SYMLTCOM.dll can lead to a buffer overflow

Source: CONFIRM
Type: UNKNOWN
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20100217_01

Source: VUPEN
Type: Vendor Advisory
ADV-2010-0411

Source: XF
Type: UNKNOWN
symantec-symltcom-activex-bo(56357)

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:symantec:client_security:3.0:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:client_security:3.0.1.1000:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:client_security:3.0.1.1001:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:client_security:3.0.1.1007:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:client_security:3.0.1.1008:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:client_security:3.0.1.1009:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:client_security:3.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:client_security:3.0.2.2000:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:client_security:3.0.2.2001:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:client_security:3.0.2.2002:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:client_security:3.0.2.2010:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:client_security:3.0.2.2011:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:client_security:3.0.2.2020:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:client_security:3.0.2.2021:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:client_security:3.1:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:client_security:3.1:mr4:*:*:*:*:*:*
  • OR cpe:/a:symantec:client_security:3.1:mr5:*:*:*:*:*:*
  • OR cpe:/a:symantec:client_security:3.1:mr6:*:*:*:*:*:*
  • OR cpe:/a:symantec:client_security:3.1.0.396:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:client_security:3.1.0.401:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:client_security:3.1.396:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:client_security:3.1.400:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:client_security:3.1.401:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:norton_360:1.0:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:norton_360:2.0:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:norton_antivirus:2006:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:norton_antivirus:2007:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:norton_antivirus:2008:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:norton_internet_security:2006:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:norton_internet_security:2007:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:norton_internet_security:2008:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:symantec:norton_system_works:2006:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:norton_antivirus:2006:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:client_security:3.0:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:norton_internet_security:2006:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:client_security:3.1:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:norton_360:1.0:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:norton_antivirus:2007:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:norton_internet_security:2007:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:norton_antivirus:2008:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:norton_internet_security:2008:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:norton_system_works:2007:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:norton_system_works:2008:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:norton_360:2.0:*:*:*:*:*:*:*

* Denotes that component is vulnerable

Oval Definitions:
Definition ID: oval:org.mitre.oval:def:24651
Class: V
Title: Buffer overflow in an ActiveX control (SYMLTCOM.dll) in Symantec N360 1.0 and 2.0; Norton Internet Security, AntiVirus, SystemWorks, and Confidential 2006 through 2008; and Symantec Client Security 3.0.x before 3.1 MR9, and 3.1.x before MR9
Last Modified: 2014-06-02
    symantec client security 3.0
    symantec client security 3.0.1.1000
    symantec client security 3.0.1.1001
    symantec client security 3.0.1.1007
    symantec client security 3.0.1.1008
    symantec client security 3.0.1.1009
    symantec client security 3.0.2
    symantec client security 3.0.2.2000
    symantec client security 3.0.2.2001
    symantec client security 3.0.2.2002
    symantec client security 3.0.2.2010
    symantec client security 3.0.2.2011
    symantec client security 3.0.2.2020
    symantec client security 3.0.2.2021
    symantec client security 3.1
    symantec client security 3.1 mr4
    symantec client security 3.1 mr5
    symantec client security 3.1 mr6
    symantec client security 3.1.0.396
    symantec client security 3.1.0.401
    symantec client security 3.1.396
    symantec client security 3.1.400
    symantec client security 3.1.401
    symantec norton 360 1.0
    symantec norton 360 2.0
    symantec norton antivirus 2006
    symantec norton antivirus 2007
    symantec norton antivirus 2008
    symantec norton internet security 2006
    symantec norton internet security 2007
    symantec norton internet security 2008
    symantec norton system works 2006
    symantec norton antivirus 2006
    symantec client security 3.0
    symantec norton internet security 2006
    symantec client security 3.1
    symantec norton 360 1.0
    symantec norton antivirus 2007
    symantec norton internet security 2007
    symantec norton antivirus 2008
    symantec norton internet security 2008
    symantec norton system works 2007
    symantec norton system works 2008
    symantec norton 360 2.0