Vulnerability Description
Stack-based buffer overflow in the AutoFix Support Tool ActiveX control 2.7.0.1 in SYMADATA.DLL in multiple Symantec Norton products, including Norton 360 1.0, AntiVirus 2006 through 2008, Internet Security 2006 through 2008, and System Works 2006 through 2008, allows remote attackers to execute arbitrary code via a long argument to the GetEventLogInfo method. NOTE: some of these details are obtained from third party information.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Windows | All versions |
| Symantec | Norton 360 | 1.0 |
| Symantec | Norton Antivirus | 2006 |
| Symantec | Norton Internet Security | 2006 |
| Symantec | Norton System Works | 2006 |
Related Weaknesses (CWE)
References
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=677
- http://secunia.com/advisories/29660PatchVendor Advisory
- http://securityresponse.symantec.com/avcenter/security/Content/2008.04.02a.htmlPatch
- http://www.securityfocus.com/bid/28507Patch
- http://www.securitytracker.com/id?1019751Patch
- http://www.securitytracker.com/id?1019752Patch
- http://www.securitytracker.com/id?1019753Patch
- http://www.vupen.com/english/advisories/2008/1077/references
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41629
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=677
- http://secunia.com/advisories/29660PatchVendor Advisory
- http://securityresponse.symantec.com/avcenter/security/Content/2008.04.02a.htmlPatch
- http://www.securityfocus.com/bid/28507Patch
- http://www.securitytracker.com/id?1019751Patch
- http://www.securitytracker.com/id?1019752Patch
FAQ
What is CVE-2008-0312?
CVE-2008-0312 is a vulnerability with a CVSS score of 9.3 (HIGH). Stack-based buffer overflow in the AutoFix Support Tool ActiveX control 2.7.0.1 in SYMADATA.DLL in multiple Symantec Norton products, including Norton 360 1.0, AntiVirus 2006 through 2008, Internet Se...
How severe is CVE-2008-0312?
CVE-2008-0312 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-0312?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Windows, Symantec Norton 360, Symantec Norton Antivirus, Symantec Norton Internet Security, Symantec Norton System Works.