National Cyber Awareness System
Vulnerability Summary for CVE-2010-0108
Original release date:02/19/2010
Last revised:02/07/2013
Source:
US-CERT/NIST
Overview
Buffer overflow in the cliproxy.objects.1 ActiveX control in the Symantec Client Proxy (CLIproxy.dll) in Symantec AntiVirus 10.0.x, 10.1.x before MR9, and 10.2.x before MR4; and Symantec Client Security 3.0.x and 3.1.x before MR9 allows remote attackers to execute arbitrary code via a long argument to the SetRemoteComputerName function.
Impact
CVSS Severity (version 2.0):
Impact Subscore:
10.0
Exploitability Subscore:
10.0
CVSS Version 2 Metrics:
Access Vector: Network exploitable
Access Complexity: Low
Authentication: Not required to exploit
Impact Type:Allows unauthorized disclosure of information; Allows unauthorized modification; Allows disruption of service
References to Advisories, Solutions, and Tools
By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.
External Source: XF
Name: scp-cliproxy-activex-bo(56355)
External Source: VUPEN
Name: ADV-2010-0412
Type: Advisory
External Source: CONFIRM
Name: http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20100217_02
External Source: BID
Name: 38222
External Source: BUGTRAQ
Name: 20100219 [DSECRG-09-039] Symantec Antivirus 10.0 ActiveX - buffer Overflow.
External Source: SECUNIA
Name: 38651
Type: Advisory
External Source: MISC
Name: http://dsecrg.com/pages/vul/show.php?id=139
