Vulnerability Description
The WrapNISUM ActiveX component (WrapUM.dll) in Norton Internet Security 2004 is marked safe for scripting, which allows remote attackers to execute arbitrary programs via the LaunchURL method.
CVSS Score
7.5
HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Symantec | Norton Internet Security | 2004 |
References
- http://marc.info/?l=bugtraq&m=107970885922442&w=2
- http://marc.info/?l=bugtraq&m=107980262324362&w=2
- http://secunia.com/advisories/11168
- http://www.kb.cert.org/vuls/id/549054US Government Resource
- http://www.nextgenss.com/advisories/nisrce.txtPatchVendor Advisory
- http://www.sarc.com/avcenter/security/Content/2004.03.19.html
- http://www.securityfocus.com/bid/9915Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15538
- http://marc.info/?l=bugtraq&m=107970885922442&w=2
- http://marc.info/?l=bugtraq&m=107980262324362&w=2
- http://secunia.com/advisories/11168
- http://www.kb.cert.org/vuls/id/549054US Government Resource
- http://www.nextgenss.com/advisories/nisrce.txtPatchVendor Advisory
- http://www.sarc.com/avcenter/security/Content/2004.03.19.html
- http://www.securityfocus.com/bid/9915Vendor Advisory
FAQ
What is CVE-2004-0364?
CVE-2004-0364 is a vulnerability with a CVSS score of 7.5 (HIGH). The WrapNISUM ActiveX component (WrapUM.dll) in Norton Internet Security 2004 is marked safe for scripting, which allows remote attackers to execute arbitrary programs via the LaunchURL method.
How severe is CVE-2004-0364?
CVE-2004-0364 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-0364?
Check the references section above for vendor advisories and patch information. Affected products include: Symantec Norton Internet Security.