Vulnerabilities (CVE)

Filtered by vendor Symantec Subscribe
Filtered by product Norton Antivirus
Total 67 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2005-2017 1 Symantec 1 Norton Antivirus 2024-11-20 10.0 HIGH N/A
Symantec AntiVirus 9 Corporate Edition allows local users to gain privileges via the "Scan for viruses" option, which launches a help window with raised privileges, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2002-1540.
CVE-2005-1346 1 Symantec 7 Antivirus Scan Engine, Mail Security, Norton Antivirus and 4 more 2024-11-20 2.6 LOW N/A
Multiple Symantec AntiVirus products, including Norton AntiVirus 2005 11.0.0, Web Security Web Security 3.0.1.72, Mail Security for SMTP 4.0.5.66, AntiVirus Scan Engine 4.3.7.27, SAV/Filter for Domino NT 3.1.1.87, and Mail Security for Exchange 4.5.4.743, when running on Windows, allows remote attackers to cause a denial of service (component crash) and avoid detection via a crafted RAR file.
CVE-2005-0923 1 Symantec 3 Norton Antivirus, Norton Internet Security, Norton System Works 2024-11-20 2.1 LOW N/A
The SmartScan feature in the Auto-Protect module for Symantec Norton AntiVirus 2004 and 2005, as also used in Internet Security 2004/2005 and System Works 2004/2005, allows attackers to cause a denial of service (CPU consumption and system crash) by renaming a file on a network share.
CVE-2005-0922 1 Symantec 3 Norton Antivirus, Norton Internet Security, Norton System Works 2024-11-20 5.0 MEDIUM N/A
Unknown vulnerability in the Auto-Protect module in Symantec Norton AntiVirus 2004 and 2005, as also used in Internet Security 2004/2005 and System Works 2004/2005, allows attackers to cause a denial of service (system hang or crash) by triggering a scan of a certain file type.
CVE-2005-0249 1 Symantec 11 Antivirus Scan Engine, Brightmail Antispam, Client Security and 8 more 2024-11-20 7.5 HIGH N/A
Heap-based buffer overflow in the DEC2EXE module for Symantec AntiVirus Library allows remote attackers to execute arbitrary code via a UPX compressed file containing a negative virtual offset to a crafted PE header.
CVE-2004-2147 1 Symantec 1 Norton Antivirus 2024-11-20 5.0 MEDIUM N/A
Unknown versions of Symantec Norton AntiVirus and Microsoft Outlook allow attackers to cause a denial of service (crash) via malformed e-mail messages (1) without a body or (2) without a carriage return ("\n") separating the headers from the body.
CVE-2004-0920 1 Symantec 1 Norton Antivirus 2024-11-20 5.0 MEDIUM N/A
Symantec Norton AntiVirus 2004, and earlier versions, allows a virus or other malicious code to avoid detection or cause a denial of service (application crash) using a filename containing an MS-DOS device name.
CVE-2004-0683 1 Symantec 1 Norton Antivirus 2024-11-20 5.0 MEDIUM N/A
Symantec Norton AntiVirus 2002 and 2003 allows remote attackers to cause a denial of service (CPU consumption) via a compressed archive that contains a large number of directories.
CVE-2004-0487 1 Symantec 1 Norton Antivirus 2024-11-20 10.0 HIGH N/A
A certain ActiveX control in Symantec Norton AntiVirus 2004 allows remote attackers to cause a denial of service (resource consumption) and possibly execute arbitrary programs.
CVE-2003-1451 1 Symantec 1 Norton Antivirus 2024-11-20 6.4 MEDIUM N/A
Buffer overflow in Symantec Norton AntiVirus 2002 allows remote attackers to execute arbitrary code via an e-mail attachment with a compressed ZIP file that contains a file with a long filename.
CVE-2003-1310 1 Symantec 1 Norton Antivirus 2024-11-20 4.6 MEDIUM N/A
The DeviceIoControl function in the Norton Device Driver (NAVAP.sys) in Symantec Norton AntiVirus 2002 allows local users to gain privileges by overwriting memory locations via certain control codes (aka "Device Driver Attack").
CVE-2003-0994 1 Symantec 4 Norton Antivirus, Norton Internet Security, Norton System Works and 1 more 2024-11-20 7.2 HIGH N/A
The GUI functionality for an interactive session in Symantec LiveUpdate 1.70.x through 1.90.x, as used in Norton Internet Security 2001 through 2004, SystemWorks 2001 through 2004, and AntiVirus and Norton AntiVirus Pro 2001 through 2004, AntiVirus for Handhelds v3.0, allows local users to gain SYSTEM privileges.
CVE-2002-2206 1 Symantec 1 Norton Antivirus 2024-11-20 7.8 HIGH N/A
The POP3 proxy service (POPROXY.EXE) in Norton AntiVirus 2001 allows local users to cause a denial of service (CPU consumption and crash) via a long username with multiple /localhost entries.
CVE-2002-1777 1 Symantec 1 Norton Antivirus 2024-11-20 7.5 HIGH N/A
NOTE: this issue has been disputed by the vendor. Symantec Norton AntiVirus (NAV) 2002 allows remote attackers to bypass e-mail scanning via a filename in the Content-Type field with an excluded extension such as .nch or .dbx, but a malicious extension in the Content-Disposition field, which is used by Outlook to obtain the file name. NOTE: the vendor has disputed this issue, acknowledging that the initial scan is bypassed, but Norton AntiVirus or the Office plug-in would detect the virus before it is executed
CVE-2002-1776 1 Symantec 1 Norton Antivirus 2024-11-20 7.5 HIGH N/A
NOTE: this issue has been disputed by the vendor. Symantec Norton AntiVirus 2002 allows remote attackers to bypass virus protection via a Word Macro virus with a .nch or .dbx extension, which is automatically recognized and executed as a Microsoft Office document. NOTE: the vendor has disputed this issue, acknowledging that the initial scan is bypassed, but the Office plug-in would detect the virus before it is executed
CVE-2002-1775 1 Symantec 1 Norton Antivirus 2024-11-20 7.5 HIGH N/A
NOTE: this issue has been disputed by the vendor. Symantec Norton AntiVirus (NAV) 2002 allows remote attackers to bypass the initial virus scan and cause NAV to prematurely stop scanning by using a non-RFC compliant MIME header. NOTE: the vendor has disputed this issue, acknowledging that the initial scan is bypassed, but the AutoProtect feature would detect the virus before it is executed
CVE-2002-1774 1 Symantec 1 Norton Antivirus 2024-11-20 7.5 HIGH N/A
NOTE: this issue has been disputed by the vendor. Symantec Norton AntiVirus 2002 allows remote attackers to send viruses that bypass the e-mail scanning via a NULL character in the MIME header before the virus. NOTE: the vendor has disputed this issue, acknowledging that the initial scan is bypassed, but the AutoProtect feature would detect the virus before it is executed
CVE-2002-1540 1 Symantec 1 Norton Antivirus 2024-11-20 7.2 HIGH N/A
The client for Symantec Norton AntiVirus Corporate Edition 7.5.x before 7.5.1 Build 62 and 7.6.x before 7.6.1 Build 35a runs winhlp32 with raised privileges, which allows local users to gain privileges by using certain features of winhlp32.
CVE-2002-0485 1 Symantec 1 Norton Antivirus 2024-11-20 5.0 MEDIUM 7.5 HIGH
Norton Anti-Virus (NAV) allows remote attackers to bypass content filtering via attachments whose Content-Type and Content-Disposition headers are mixed upper and lower case, which is ignored by some mail clients.
CVE-2001-1099 2 Microsoft, Symantec 2 Exchange Server, Norton Antivirus 2024-11-20 5.0 MEDIUM N/A
The default configuration of Norton AntiVirus for Microsoft Exchange 2000 2.x allows remote attackers to identify the recipient's INBOX file path by sending an email with an attachment containing malicious content, which includes the path in the rejection notice.