Vulnerability Name:

CVE-2010-0108 (CCN-56355)

Assigned:2009-12-31
Published:2010-02-17
Updated:2018-10-30
Summary:Buffer overflow in the cliproxy.objects.1 ActiveX control in the Symantec Client Proxy (CLIproxy.dll) in Symantec AntiVirus 10.0.x, 10.1.x before MR9, and 10.2.x before MR4; and Symantec Client Security 3.0.x and 3.1.x before MR9 allows remote attackers to execute arbitrary code via a long argument to the SetRemoteComputerName function.
CVSS v3 Severity:10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
7.8 High (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:POC/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
9.3 High (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
7.3 High (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:POC/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-119
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2010-0108

Source: MISC
Type: UNKNOWN
http://dsecrg.com/pages/vul/show.php?id=139

Source: CCN
Type: SA38651
Symantec Products Client Proxy ActiveX Control Buffer Overflow

Source: SECUNIA
Type: Vendor Advisory
38651

Source: CCN
Type: OSVDB ID: 62413
Symantec Multiple Products Client Proxy ActiveX (CLIproxy.dll) Remote Overflow

Source: BUGTRAQ
Type: UNKNOWN
20100219 [DSECRG-09-039] Symantec Antivirus 10.0 ActiveX - buffer Overflow.

Source: BID
Type: UNKNOWN
38222

Source: CCN
Type: BID-38222
Symantec Client Proxy ActiveX Control Buffer Overflow Vulnerability

Source: CCN
Type: SYM10-004
Symantec Client Proxy Buffer Overflow in Older Product Versions

Source: CONFIRM
Type: UNKNOWN
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20100217_02

Source: VUPEN
Type: Vendor Advisory
ADV-2010-0412

Source: XF
Type: UNKNOWN
scp-cliproxy-activex-bo(56355)

Source: XF
Type: UNKNOWN
scp-cliproxy-activex-bo(56355)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:symantec:antivirus:10.0:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:antivirus:10.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:antivirus:10.0.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:antivirus:10.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:antivirus:10.0.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:antivirus:10.0.2.2:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:antivirus:10.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:antivirus:10.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:antivirus:10.0.5:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:antivirus:10.0.6:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:antivirus:10.0.7:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:antivirus:10.0.8:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:antivirus:10.0.9:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:antivirus:10.1:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:antivirus:10.1:*:corporate:*:*:*:*:*
  • OR cpe:/a:symantec:antivirus:10.1:mp1:corporate:*:*:*:*:*
  • OR cpe:/a:symantec:antivirus:10.1:mr4:corporate:*:*:*:*:*
  • OR cpe:/a:symantec:antivirus:10.1:mr5:corporate:*:*:*:*:*
  • OR cpe:/a:symantec:antivirus:10.1:mr7:corporate:*:*:*:*:*
  • OR cpe:/a:symantec:antivirus:10.1.0.1:*:corporate:*:*:*:*:*
  • OR cpe:/a:symantec:antivirus:10.1.4:*:corporate:*:*:*:*:*
  • OR cpe:/a:symantec:antivirus:10.1.4.1:*:corporate:*:*:*:*:*
  • OR cpe:/a:symantec:antivirus:10.1.5:*:corporate:*:*:*:*:*
  • OR cpe:/a:symantec:antivirus:10.1.5.1:*:corporate:*:*:*:*:*
  • OR cpe:/a:symantec:antivirus:10.1.6:*:corporate:*:*:*:*:*
  • OR cpe:/a:symantec:antivirus:10.1.6.1:*:corporate:*:*:*:*:*
  • OR cpe:/a:symantec:antivirus:10.1.7:*:corporate:*:*:*:*:*
  • OR cpe:/a:symantec:antivirus:10.2:*:corporate:*:*:*:*:*
  • OR cpe:/a:symantec:antivirus:10.2:mr2:corporate:*:*:*:*:*
  • OR cpe:/a:symantec:antivirus:10.2:mr3:corporate:*:*:*:*:*
  • OR cpe:/a:symantec:client_security:3.0:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:client_security:3.0:mr1:*:*:*:*:*:*
  • OR cpe:/a:symantec:client_security:3.0:mr2:*:*:*:*:*:*
  • OR cpe:/a:symantec:client_security:3.0.0.359:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:client_security:3.0.1.1000:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:client_security:3.0.1.1007:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:client_security:3.0.1.1008:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:client_security:3.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:client_security:3.0.2.2000:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:client_security:3.0.2.2001:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:client_security:3.0.2.2010:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:client_security:3.0.2.2011:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:client_security:3.0.2.2020:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:client_security:3.0.2.2021:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:client_security:3.1:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:client_security:3.1:mr4:*:*:*:*:*:*
  • OR cpe:/a:symantec:client_security:3.1:mr5:*:*:*:*:*:*
  • OR cpe:/a:symantec:client_security:3.1:mr7:*:*:*:*:*:*
  • OR cpe:/a:symantec:client_security:3.1.0.396:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:client_security:3.1.0.401:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:client_security:3.1.394:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:client_security:3.1.400:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:client_security:3.1.401:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:endpoint_protection:11.0:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:symantec:client_security:3.0:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:client_security:3.1:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:antivirus:10.1:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:antivirus:10.0:*:*:*:*:*:*:*
  • OR cpe:/a:symantec:antivirus:10.2::corporate:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    symantec antivirus 10.0
    symantec antivirus 10.0.1
    symantec antivirus 10.0.1.1
    symantec antivirus 10.0.2
    symantec antivirus 10.0.2.1
    symantec antivirus 10.0.2.2
    symantec antivirus 10.0.3
    symantec antivirus 10.0.4
    symantec antivirus 10.0.5
    symantec antivirus 10.0.6
    symantec antivirus 10.0.7
    symantec antivirus 10.0.8
    symantec antivirus 10.0.9
    symantec antivirus 10.1
    symantec antivirus 10.1
    symantec antivirus 10.1 mp1
    symantec antivirus 10.1 mr4
    symantec antivirus 10.1 mr5
    symantec antivirus 10.1 mr7
    symantec antivirus 10.1.0.1
    symantec antivirus 10.1.4
    symantec antivirus 10.1.4.1
    symantec antivirus 10.1.5
    symantec antivirus 10.1.5.1
    symantec antivirus 10.1.6
    symantec antivirus 10.1.6.1
    symantec antivirus 10.1.7
    symantec antivirus 10.2
    symantec antivirus 10.2 mr2
    symantec antivirus 10.2 mr3
    symantec client security 3.0
    symantec client security 3.0 mr1
    symantec client security 3.0 mr2
    symantec client security 3.0.0.359
    symantec client security 3.0.1.1000
    symantec client security 3.0.1.1007
    symantec client security 3.0.1.1008
    symantec client security 3.0.2
    symantec client security 3.0.2.2000
    symantec client security 3.0.2.2001
    symantec client security 3.0.2.2010
    symantec client security 3.0.2.2011
    symantec client security 3.0.2.2020
    symantec client security 3.0.2.2021
    symantec client security 3.1
    symantec client security 3.1 mr4
    symantec client security 3.1 mr5
    symantec client security 3.1 mr7
    symantec client security 3.1.0.396
    symantec client security 3.1.0.401
    symantec client security 3.1.394
    symantec client security 3.1.400
    symantec client security 3.1.401
    symantec endpoint protection 11.0
    symantec client security 3.0
    symantec client security 3.1
    symantec antivirus 10.1
    symantec antivirus 10.0
    symantec antivirus 10.2