Vulnerability Description
Symantec Reporting Server 1.0.197.0, and other versions before 1.0.224.0, as used in Symantec Client Security 3.1 and later, and Symantec AntiVirus Corporate Edition (SAV CE) 10.1 and later, does not initialize a critical variable, which allows attackers to create arbitrary executable files via unknown manipulations of a file that is created during data export.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Symantec | Client Security | 3.1 |
| Symantec | Norton Antivirus | 10.0.2.2021 |
| Symantec | Reporting Server | <= 1.0.197.0 |
References
- http://osvdb.org/36109
- http://secunia.com/advisories/25543
- http://www.securityfocus.com/bid/24313
- http://www.securitytracker.com/id?1018196
- http://www.symantec.com/avcenter/security/Content/2007.06.05a.htmlPatchVendor Advisory
- http://www.vupen.com/english/advisories/2007/2074
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34744
- http://osvdb.org/36109
- http://secunia.com/advisories/25543
- http://www.securityfocus.com/bid/24313
- http://www.securitytracker.com/id?1018196
- http://www.symantec.com/avcenter/security/Content/2007.06.05a.htmlPatchVendor Advisory
- http://www.vupen.com/english/advisories/2007/2074
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34744
FAQ
What is CVE-2007-3021?
CVE-2007-3021 is a vulnerability with a CVSS score of 7.5 (HIGH). Symantec Reporting Server 1.0.197.0, and other versions before 1.0.224.0, as used in Symantec Client Security 3.1 and later, and Symantec AntiVirus Corporate Edition (SAV CE) 10.1 and later, does not ...
How severe is CVE-2007-3021?
CVE-2007-3021 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-3021?
Check the references section above for vendor advisories and patch information. Affected products include: Symantec Client Security, Symantec Norton Antivirus, Symantec Reporting Server.