Vulnerability Description
The decomposer engine in Symantec Endpoint Protection (SEP) 11.0, Symantec Endpoint Protection Small Business Edition 12.0, Symantec AntiVirus Corporate Edition (SAVCE) 10.x, and Symantec Scan Engine (SSE) before 5.2.8 does not properly perform bounds checks of the contents of CAB archives, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted file.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Symantec | Antivirus | 10.1.0 |
| Symantec | Endpoint Protection | 11.0 |
| Symantec | Scan Engine | <= 5.2 |
Related Weaknesses (CWE)
References
- http://www.kb.cert.org/vuls/id/985625US Government Resource
- http://www.securityfocus.com/bid/56399
- http://www.securitytracker.com/id?1027726
- http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=securit
- http://www.kb.cert.org/vuls/id/985625US Government Resource
- http://www.securityfocus.com/bid/56399
- http://www.securitytracker.com/id?1027726
- http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=securit
FAQ
What is CVE-2012-4953?
CVE-2012-4953 is a vulnerability with a CVSS score of 9.3 (HIGH). The decomposer engine in Symantec Endpoint Protection (SEP) 11.0, Symantec Endpoint Protection Small Business Edition 12.0, Symantec AntiVirus Corporate Edition (SAVCE) 10.x, and Symantec Scan Engine ...
How severe is CVE-2012-4953?
CVE-2012-4953 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2012-4953?
Check the references section above for vendor advisories and patch information. Affected products include: Symantec Antivirus, Symantec Endpoint Protection, Symantec Scan Engine.