Symantec Corp
http://labs.idefense.com/intelligence/vulnerabilities/
Apr 28, 2009
I. BACKGROUND
Symantec System Center is an MMC (Microsoft Management Console) snap-in
that allows an administrator to remotely manage Symantec products. The
Symantec System Center comes bundled with several Symantec products,
including Symantec Client Security and Symantec AntiVirus. It contains
an optional component called the Alert Management System Console. This
component starts a service (Intel File Transfer) that listens on TCP
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Symantec Vulnerability Research
http://www.symantec.com/research
Security Advisory
Advisory ID: SYMSA-2007-012
Advisory Title: Microsoft Windows CE IGMP Denial of Service
Symantec Security Advisory
SYM07-029
http://www.symantec.com/avcenter/security/Content/2007.11.27.html
27 Nov 2007
Symantec Backup Exec for Windows Server: Multiple Denial of Service Issues in Job Engine
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Symantec Vulnerability Research
http://www.symantec.com/research
Security Advisory
Advisory ID: SYMSA-2007-011
Advisory Title: Microsoft Windows Mobile 5 PocketPC Phone Edition
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Symantec Vulnerability Research
http://www.symantec.com/research
Security Advisory
Advisory ID: SYMSA-2007-007
Advisory Title: Palm OS Treo Smartphone Denial of Service
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Symantec Vulnerability Research
http://www.symantec.com/research
Security Advisory
Advisory ID: SYMSA-2007-009
Advisory Title: RemoteDocs R-Viewer Code Execution and Sensitive
Information Disclosure
Hash: SHA1
Symantec Vulnerability Research
http://www.symantec.com/research
Security Advisory
Advisory ID: SYMSA-2007-014
Advisory Title: SQL Injection Vulnerability in Beehive Forum
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Symantec Vulnerability Research
http://www.symantec.com/research
Security Advisory
Advisory ID: SYMSA-2008-001
Advisory Title: Lyris ListManager - Multiple Vulnerabilities
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Symantec Vulnerability Research
http://www.symantec.com/research
Security Advisory
Advisory ID: SYMSA-2007-013
Advisory Title: Lotus Notes Memory Mapped Files Vulnerability
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Symantec Vulnerability Research
http://www.symantec.com/research
Security Advisory
Advisory ID: SYMSA-2007-010
Advisory Title: Microsoft ActiveSync 4.x Weak Password Obfuscation
________________________________________________________________________
Symantec multiple products - Generic PDF bypass
________________________________________________________________________
***********************************************************************
Cheap plug :
Speaking of PDF - If you are interested in client-side vulnerabilities
visit HACK.LU starting tomorrow [28-30 Oct] with :
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Symantec Consulting Services
www.symantec.com
Security Advisory
Advisory ID: SYMSA-2007-008
Advisory Title: Autodesk Backburner 3.0.2 : System Backdoor
Author: Dave Hartley and Stephen Kapp
Security Advisory NSOADV-2009-001
_________________________________________
_________________________________________
Title: Symantec ConsoleUtilities ActiveX Control
Buffer Overflow
Severity: Critical
Advisory ID: NSOADV-2009-001
Found Date: 09.09.2009
Date Reported: 15.09.2009
SYM07-024
September 05, 2007
Symantec SYMTDI.SYS Device Driver Local Denial of Service
Revision History: None
Risk Impact: Low
Remote Access: No
Local Access: Yes
Authentication Required: Yes, to the local system
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Symantec Vulnerability Research
http://www.symantec.com/research
Security Advisory
Advisory ID: SYMSA-2007-015
Advisory Title: Perforce P4Web Denial Of Service through resource
======================================================================
Secunia Research 08/04/2008
- Symantec Mail Security Applix Graphics Parsing Vulnerabilities -
======================================================================
Table of Contents
Affected Software
information, visit the URL referenced below.
http://www.autonomy.com/
KeyView is used by many commercial products to handle various types of
file formats. Lotus Notes and Symantec Mail Security are two examples
of such products.
II. DESCRIPTION
Remote exploitation of an integer overflow vulnerability in Autonomy's
======================================================================
Secunia Research 08/04/2008
- Symantec Mail Security Folio Flat File Parsing Buffer Overflows -
======================================================================
Table of Contents
Affected Software
VUPEN Security Research - Symantec Products "SYMLTCOM.dll" Buffer Overflow
Vulnerability
http://www.vupen.com/english/research.php
I. DESCRIPTION
---------------------
VUPEN Vulnerability Research Team discovered a vulnerability in various
ZDI-09-098: Symantec Multiple Products VRTSweb.exe Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-09-098
December 9, 2009
-- CVE ID:
CVE-2009-3027
-- Affected Vendors:
Symantec
by removing, or commenting out, the line referencing "wp6sr.dll" from
the "KeyView.ini" file within the Lotus Notes program directory.
Deleting "wp6sr.dll" from the affected system will also prevent
exploitation.
For Symantec Mail Security, disabling "content filtering" will prevent
exploitation.
Additional workarounds are available from the individual vendors'
advisories referenced below.
software for more than twenty years. GEAR develops solutions for
professional premastering, DVD editing and authoring, and is also a
leading provider of development tools that enable software companies to
integrate optical recording technology into their own products. GEAR
technology is integrated into solutions from some of the world's most
prominent technology organizations, including Apple, Symantec, Siemens,
Kodak, Philips and Bosch, among many others"
www.gearsoftware.com
http://labs.idefense.com/intelligence/vulnerabilities/
Feb 26, 2008
I. BACKGROUND
Symantec Scan Engine is a standalone Anti-Virus Engine that exposes a
scanning Application Programming Interface (API) directly to developers
who wish to integrate protection into their own custom applications.
More information is available on the vendor's site at the following
URL.
http://labs.idefense.com/intelligence/vulnerabilities/
Feb 26, 2008
I. BACKGROUND
Symantec Scan Engine is a standalone Anti-Virus Engine that exposes a
scanning Application Programming Interface (API) directly to developers
who wish to integrate protection into their own custom applications.
More information is available on the vendor's site at the following
URL.
Digital Security Research Group [DSecRG] Advisory #DSECRG-09-039
Application: Symantec Antivirus Client Proxy
Versions Affected: Version 10
Vendor URL: http://symantec.com
Bugs: Buffer Overflow
Exploits: POC
Reported: 04.05.2009
Vendor response: 07.05.2009
Date of Public Advisory: 17.02.2010
examined.
The privileges that an attacker gains may be different for each
application that uses the KeyView SDK. For example, exploiting this
issue via Lotus Notes yields the current user's privileges while
exploiting the vulnerability via Symantec Mail Security yields SYSTEM
privileges.
IV. DETECTION
iDefense confirmed the existence of this vulnerability using the
The attached is a signed version of the security advisory for Symantec Storage Foundation for Windows 5.x that was released today. If we can get the signature to verify, please post to bugtraq.
Regards
<<SYM08-015_ SFW_SecurityUpdateBypass.txt>>
----------------------------------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
ZDI-08-003: Symantec Backup Exec Remote File Upload Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-08-003.html
February 6, 2008
-- CVE ID:
CVE-2008-0457
-- Affected Vendor:
Symantec
ZDI-08-024: Symantec Altiris Deployment Solution SQL Injection
Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-08-024
May 15, 2008
-- Affected Vendors:
Symantec
-- Affected Products:
Symantec Altiris Deployment Solution
Symantec Altiris Deployment Solution TFTP/MTFTP Service Directory
Traversal Vulnerability
iDefense Security Advisory 10.31.07
http://labs.idefense.com/intelligence/vulnerabilities/
Oct 31, 2007
I. BACKGROUND
Symantec Altiris Deployment Solution is an automated OS deployment