CVE-2007-3021

Symantec Reporting Server 1.0.197.0, and other versions before 1.0.224.0, as used in Symantec Client Security 3.1 and later, and Symantec AntiVirus Corporate Edition (SAV CE) 10.1 and later, does not initialize a critical variable, which allows attackers to create arbitrary executable files via unknown manipulations of a file that is created during data export.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://osvdb.org/36109
http://secunia.com/advisories/25543
http://www.securityfocus.com/bid/24313
http://www.securitytracker.com/id?1018196
http://www.symantec.com/avcenter/security/Content/2007.06.05a.html	Patch Vendor Advisory
http://www.vupen.com/english/advisories/2007/2074
https://exchange.xforce.ibmcloud.com/vulnerabilities/34744

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:symantec:client_security:3.1:::::::*
	cpe:2.3:a:symantec:client_security:3.1.394:::::::*
	cpe:2.3:a:symantec:client_security:3.1.396:::::::*
	cpe:2.3:a:symantec:client_security:3.1.400:::::::*
	cpe:2.3:a:symantec:client_security:3.1.401:::::::*
	cpe:2.3:a:symantec:norton_antivirus:10.0.2.2021::corporate:::::
	cpe:2.3:a:symantec:norton_antivirus:10.1::corporate:::::
	cpe:2.3:a:symantec:norton_antivirus:10.1.396::corporate:::::
	cpe:2.3:a:symantec:norton_antivirus:10.1.400::corporate:::::
	cpe:2.3:a:symantec:norton_antivirus:10.1.401::corporate:::::
	cpe:2.3:a:symantec:reporting_server::::::::

History

No history.

Information

Published : 2007-06-05 21:30

Updated : 2024-02-28 11:01

NVD link : CVE-2007-3021

Mitre link : CVE-2007-3021

CVE.ORG link : CVE-2007-3021

JSON object : View

Products Affected

symantec

reporting_server
norton_antivirus
client_security

CWE

NVD-CWE-Other

{"id": "CVE-2007-3021", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2007-06-05T21:30:00.000", "references": [{"url": "http://osvdb.org/36109", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/25543", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/24313", "source": "cve@mitre.org"}, {"url": "http://www.securitytracker.com/id?1018196", "source": "cve@mitre.org"}, {"url": "http://www.symantec.com/avcenter/security/Content/2007.06.05a.html", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2007/2074", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34744", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Symantec Reporting Server 1.0.197.0, and other versions before 1.0.224.0, as used in Symantec Client Security 3.1 and later, and Symantec AntiVirus Corporate Edition (SAV CE) 10.1 and later, does not initialize a critical variable, which allows attackers to create arbitrary executable files via unknown manipulations of a file that is created during data export."}, {"lang": "es", "value": "Symantec Reporting Server 1.0.197.0, y otras versiones anteriores a 1.0.224.0, como se usan en Symantec Client Security 3.1 y posteriores, y Symantec AntiVirus Corporate Edition (SAV CE) 10.1 y posteriores, no inicializa una variable cr\u00edtica, lo cual permite a los atacantes crear archivos ejecutables de su elecci\u00f3n mediante manipulaciones desconocidas de un archivo que se crea durante la exportaci\u00f3n de datos."}], "lastModified": "2017-07-29T01:31:55.267", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:symantec:client_security:3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1D24019B-20F0-4B4D-86A5-9409698E6216"}, {"criteria": "cpe:2.3:a:symantec:client_security:3.1.394:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D6090F86-0B42-403F-9996-9B7670EBAA5A"}, {"criteria": "cpe:2.3:a:symantec:client_security:3.1.396:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B3706E76-FC65-467E-8D09-A9EAC32E9BBD"}, {"criteria": "cpe:2.3:a:symantec:client_security:3.1.400:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BF555313-BB5A-4D8A-A3A1-609ABC39F6FE"}, {"criteria": "cpe:2.3:a:symantec:client_security:3.1.401:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BC74372F-329A-4597-810B-88B865771C9D"}, {"criteria": "cpe:2.3:a:symantec:norton_antivirus:10.0.2.2021:*:corporate:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4D3CBEF5-25C6-41E8-97A3-2AA43134E619"}, {"criteria": "cpe:2.3:a:symantec:norton_antivirus:10.1:*:corporate:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "81AE594C-41ED-4FE8-839D-B604AE8DC901"}, {"criteria": "cpe:2.3:a:symantec:norton_antivirus:10.1.396:*:corporate:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4AB33BC0-813C-4944-9835-A1F62614CC97"}, {"criteria": "cpe:2.3:a:symantec:norton_antivirus:10.1.400:*:corporate:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "423C4F6C-4D87-4604-9122-02E2F06FAFB7"}, {"criteria": "cpe:2.3:a:symantec:norton_antivirus:10.1.401:*:corporate:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "60BBE26A-E648-440F-9F08-AA7DD62D6C11"}, {"criteria": "cpe:2.3:a:symantec:reporting_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "953B6B3E-C3B9-40E6-95E6-911FFEA9A184", "versionEndIncluding": "1.0.197.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}