CyberSec.Space Logo
Back to CVE Browser

CVE-2012-4953

CRITICAL
9.3
CVSS Severity Score
EPSS Score0.0300%
EPSS Percentile8.25th
PublishedNov 14, 2012
Last ModifiedApr 29, 2026

Vulnerability Description

The decomposer engine in Symantec Endpoint Protection (SEP) 11.0, Symantec Endpoint Protection Small Business Edition 12.0, Symantec AntiVirus Corporate Edition (SAVCE) 10.x, and Symantec Scan Engine (SSE) before 5.2.8 does not properly perform bounds checks of the contents of CAB archives, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted file.

Affected Platforms (CPE)

πŸ“¦
Symantec

Antivirus

= 10.1.0
πŸ“¦
Symantec

Antivirus

= 10.1.4
πŸ“¦
Symantec

Antivirus

= 10.1.5
πŸ“¦
Symantec

Antivirus

= 10.1.6
πŸ“¦
Symantec

Antivirus

= 10.1.7
πŸ“¦
Symantec

Antivirus

= 10.1.8
πŸ“¦
Symantec

Antivirus

= 10.1.9
πŸ“¦
Symantec

Endpoint Protection

= 11.0
πŸ“¦
Symantec

Endpoint Protection

= 12.0
πŸ“¦
Symantec

Scan Engine

<= 5.2

References & Advisories

πŸ”— http://www.kb.cert.org/vuls/id/985625
πŸ”— http://www.securityfocus.com/bid/56399
πŸ”— http://www.securitytracker.com/id?1027726
πŸ”— http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20121107_00
πŸ”— http://www.kb.cert.org/vuls/id/985625
πŸ”— http://www.securityfocus.com/bid/56399
πŸ”— http://www.securitytracker.com/id?1027726
πŸ”— http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20121107_00

Related Vulnerabilities

CVE-2004-048710.0

A certain ActiveX control in Symantec Norton AntiVirus 2004 allows remote attackers to cause a denial of service (resource consump...

CVE-2005-169310.0

Integer overflow in Computer Associates Vet Antivirus library, as used by CA InoculateIT 6.0, eTrust Antivirus r6.0 through 7.1, e...

CVE-2000-079310.0

Norton AntiVirus 5.00.01C with the Novell Netware client does not properly restart the auto-protection service after the first use...

CVE-2005-201710.0

Symantec AntiVirus 9 Corporate Edition allows local users to gain privileges via the "Scan for viruses" option, which launches a h...