SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Security)  >   Norton System Works Vendors:   Symantec
Symantec Norton System Works AutoProtect Errors May Let Local or Remote Users Deny Service
SecurityTracker Alert ID:  1013585
SecurityTracker URL:  http://securitytracker.com/id/1013585
CVE Reference:   CVE-2005-0922, CVE-2005-0923   (Links to External Site)
Updated:  Jul 7 2008
Original Entry Date:  Mar 29 2005
Impact:   Denial of service via local system, Denial of service via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 2004, 2005
Description:   Two vulnerabilities were reported in Symantec's Norton System Works in the AutoProtect feature. A user can create a file or modify a filename to cause the target system to crash.

A user can create a specially crafted file of a specific file type. Then, when the AutoProtect feature performs a real time scan of the file, the system will crash. The file itself is not otherwise malicious. This flaw occurs in the 2004 and 2005 product versions.

If the SmartScan feature is enabled and a certain type of file stored on a network share has its filename modified, the SmartScan analysis of the filename modification may cause the SmartScan process to consume excessive CPU resources. The system may crash as a result. This flaw occurs in the 2005 product version.

The vendor credits Mr. Isamu Noguchi, the Information-Technology Promotion Agency-Japan, and JPCERT with reporting these vulnerabilities.

Impact:   A local or remote user can create or modify a file to cause the target system to crash. For example, the file can be created by a remote user and delivered to the target system by e-mail or a web or file server.
Solution:   A fix is available via LiveUpdate.
Vendor URL:  securityresponse.symantec.com/avcenter/security/Content/2005.03.28.html (Links to External Site)
Cause:   Exception handling error
Underlying OS:  Windows (Any)

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2020, SecurityGlobal.net LLC