Vulnerability Description
Symantec Norton AntiVirus 2011 does not properly interact with the processing of hcp:// URLs by the Microsoft Help and Support Center, which makes it easier for remote attackers to execute arbitrary code via malware that is correctly detected by this product, but with a detection approach that occurs too late to stop the code execution. NOTE: the researcher indicates that a vendor response was received, stating that this issue "falls into the work of our Firewall and not our AV (per our methodology of layers of defense)."
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Symantec | Norton Antivirus | 2011 |
Related Weaknesses (CWE)
References
- http://www.n00bz.net/antivirus-cve
- http://www.securityfocus.com/archive/1/514356
- http://www.n00bz.net/antivirus-cve
- http://www.securityfocus.com/archive/1/514356
FAQ
What is CVE-2010-3497?
CVE-2010-3497 is a vulnerability with a CVSS score of 6.4 (MEDIUM). Symantec Norton AntiVirus 2011 does not properly interact with the processing of hcp:// URLs by the Microsoft Help and Support Center, which makes it easier for remote attackers to execute arbitrary c...
How severe is CVE-2010-3497?
CVE-2010-3497 has been rated MEDIUM with a CVSS base score of 6.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2010-3497?
Check the references section above for vendor advisories and patch information. Affected products include: Symantec Norton Antivirus.