CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2012-4953

CRITICAL
9.3
CVSS Severity Score
EPSS Score0.0300%
EPSS Percentile8.25th
Published2012年11月14日
Last Modified2026年4月29日

Vulnerability Description

The decomposer engine in Symantec Endpoint Protection (SEP) 11.0, Symantec Endpoint Protection Small Business Edition 12.0, Symantec AntiVirus Corporate Edition (SAVCE) 10.x, and Symantec Scan Engine (SSE) before 5.2.8 does not properly perform bounds checks of the contents of CAB archives, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted file.

Affected Platforms (CPE)

📦
Symantec

Antivirus

= 10.1.0
📦
Symantec

Antivirus

= 10.1.4
📦
Symantec

Antivirus

= 10.1.5
📦
Symantec

Antivirus

= 10.1.6
📦
Symantec

Antivirus

= 10.1.7
📦
Symantec

Antivirus

= 10.1.8
📦
Symantec

Antivirus

= 10.1.9
📦
Symantec

Endpoint Protection

= 11.0
📦
Symantec

Endpoint Protection

= 12.0
📦
Symantec

Scan Engine

<= 5.2

References & Advisories

🔗 http://www.kb.cert.org/vuls/id/985625
🔗 http://www.securityfocus.com/bid/56399
🔗 http://www.securitytracker.com/id?1027726
🔗 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20121107_00
🔗 http://www.kb.cert.org/vuls/id/985625
🔗 http://www.securityfocus.com/bid/56399
🔗 http://www.securitytracker.com/id?1027726
🔗 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20121107_00

相關漏洞威脅

CVE-2004-048710.0

A certain ActiveX control in Symantec Norton AntiVirus 2004 allows remote attackers to cause a denial of service (resource consump...

CVE-2005-169310.0

Integer overflow in Computer Associates Vet Antivirus library, as used by CA InoculateIT 6.0, eTrust Antivirus r6.0 through 7.1, e...

CVE-2000-079310.0

Norton AntiVirus 5.00.01C with the Novell Netware client does not properly restart the auto-protection service after the first use...

CVE-2005-201710.0

Symantec AntiVirus 9 Corporate Edition allows local users to gain privileges via the "Scan for viruses" option, which launches a h...