CVE-2008-0309

critical

Description

Stack-based buffer overflow in Symantec Decomposer, as used in certain Symantec antivirus products including Symantec Scan Engine 5.1.2 and other versions before 5.1.6.31, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a malformed RAR file to the Internet Content Adaptation Protocol (ICAP) port (1344/tcp).

References

http://www.vupen.com/english/advisories/2008/0680

http://www.symantec.com/avcenter/security/Content/2008.02.27.html

http://www.securitytracker.com/id?1019503

http://www.securityfocus.com/bid/27913

http://secunia.com/advisories/29140

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=667

Details

Source: Mitre, NVD

Published: 2008-02-28

Updated: 2011-03-08

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical