Symantec Norton AntiVirus 2011 does not properly interact with the processing of hcp:// URLs by the Microsoft Help and Support Center, which makes it easier for remote attackers to execute arbitrary code via malware that is correctly detected by this product, but with a detection approach that occurs too late to stop the code execution. NOTE: the researcher indicates that a vendor response was received, stating that this issue "falls into the work of our Firewall and not our AV (per our methodology of layers of defense)."
References
Configurations
History
No history.
Information
Published : 2012-08-22 10:42
Updated : 2024-02-28 12:00
NVD link : CVE-2010-3497
Mitre link : CVE-2010-3497
CVE.ORG link : CVE-2010-3497
JSON object : View
Products Affected
symantec
- norton_antivirus
CWE
CWE-264
Permissions, Privileges, and Access Controls