Vulnerability Details : CVE-2007-0447
Heap-based buffer overflow in the Decomposer component in multiple Symantec products allows remote attackers to execute arbitrary code via multiple crafted CAB archives.
Vulnerability category: OverflowExecute code
Products affected by CVE-2007-0447
- cpe:2.3:a:symantec:norton_antivirus:*:*:corporate_edition_for_linux:*:*:*:*:*
- cpe:2.3:a:symantec:norton_antivirus:2005:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:norton_antivirus:9.0.3:*:macintosh:*:*:*:*:*
- cpe:2.3:a:symantec:norton_antivirus:9.0.0:*:macintosh:*:*:*:*:*
- cpe:2.3:a:symantec:norton_antivirus:9.0.1:*:macintosh:*:*:*:*:*
- cpe:2.3:a:symantec:norton_antivirus:9.0.2:*:macintosh:*:*:*:*:*
- cpe:2.3:a:symantec:norton_antivirus:10.0.0:*:macintosh:*:*:*:*:*
- cpe:2.3:a:symantec:norton_antivirus:10.0.1:*:macintosh:*:*:*:*:*
- cpe:2.3:a:symantec:norton_antivirus:10.0:*:macintosh:*:*:*:*:*
- cpe:2.3:a:symantec:norton_antivirus:10.9.1:*:macintosh:*:*:*:*:*
- cpe:2.3:a:symantec:norton_antivirus:2006:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:norton_antivirus:2004:*:professional:*:*:*:*:*
- cpe:2.3:a:symantec:norton_antivirus:10.0.0.359:*:corporate_edition:*:*:*:*:*
- cpe:2.3:a:symantec:norton_antivirus:10.0.2.2002:*:corporate_edition:*:*:*:*:*
- cpe:2.3:a:symantec:norton_antivirus:10.0.2.2010:*:corporate_edition:*:*:*:*:*
- cpe:2.3:a:symantec:norton_antivirus:10.1.396:*:corporate_edition:*:*:*:*:*
- cpe:2.3:a:symantec:norton_antivirus:10.1.4.4010:*:corporate_edition:*:*:*:*:*
- cpe:2.3:a:symantec:norton_antivirus:2004:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:norton_antivirus:9.0.1.1.1000:*:corporate_edition:*:*:*:*:*
- cpe:2.3:a:symantec:norton_antivirus:10.0.1.1000:*:corporate_edition:*:*:*:*:*
- cpe:2.3:a:symantec:norton_antivirus:10.0.1.1007:*:corporate_edition:*:*:*:*:*
- cpe:2.3:a:symantec:norton_antivirus:10.0.2.2011:*:corporate_edition:*:*:*:*:*
- cpe:2.3:a:symantec:norton_antivirus:10.0.2.2020:*:corporate_edition:*:*:*:*:*
- cpe:2.3:a:symantec:norton_antivirus:10.1.4:*:corporate_edition:*:*:*:*:*
- cpe:2.3:a:symantec:norton_antivirus:10.1.4:mr4_mp1_build4010:corporate_edition:*:*:*:*:*
- cpe:2.3:a:symantec:norton_antivirus:2005:*:professional:*:*:*:*:*
- cpe:2.3:a:symantec:norton_antivirus:2005:11.0:*:*:*:*:*:*
- cpe:2.3:a:symantec:norton_antivirus:9.0.2.1000:*:corporate_edition:*:*:*:*:*
- cpe:2.3:a:symantec:norton_antivirus:9.0.6.1000:*:corporate_edition:*:*:*:*:*
- cpe:2.3:a:symantec:norton_antivirus:9.0:*:corporate_edition:*:*:*:*:*
- cpe:2.3:a:symantec:norton_antivirus:10.0.1.1008:*:corporate_edition:*:*:*:*:*
- cpe:2.3:a:symantec:norton_antivirus:10.0.2.2021:*:corporate_edition:*:*:*:*:*
- cpe:2.3:a:symantec:norton_antivirus:10.0:*:corporate_edition:*:*:*:*:*
- cpe:2.3:a:symantec:norton_antivirus:10.1.400:*:corporate_edition:*:*:*:*:*
- cpe:2.3:a:symantec:norton_antivirus:10.1.401:*:corporate_edition:*:*:*:*:*
- cpe:2.3:a:symantec:norton_antivirus:2005:11.0.9:*:*:*:*:*:*
- cpe:2.3:a:symantec:norton_antivirus:9.0.3.1000:*:corporate_edition:*:*:*:*:*
- cpe:2.3:a:symantec:norton_antivirus:9.0:*:macintosh:*:*:*:*:*
- cpe:2.3:a:symantec:norton_antivirus:9.0.5.1100:*:corporate_edition:*:*:*:*:*
- cpe:2.3:a:symantec:norton_antivirus:9.0.5:*:corporate_edition:*:*:*:*:*
- cpe:2.3:a:symantec:norton_antivirus:10.0.2.2000:*:corporate_edition:*:*:*:*:*
- cpe:2.3:a:symantec:norton_antivirus:10.0.2.2001:*:corporate_edition:*:*:*:*:*
- cpe:2.3:a:symantec:norton_antivirus:10.1.394:*:corporate_edition:*:*:*:*:*
- cpe:2.3:a:symantec:norton_antivirus:10.1:*:corporate_edition:*:*:*:*:*
- cpe:2.3:a:symantec:norton_antivirus:9.0.0.338:*:corporate_edition:*:*:*:*:*
- cpe:2.3:a:symantec:norton_antivirus:9.0.4:*:corporate_edition:*:*:*:*:*
- cpe:2.3:a:symantec:norton_antivirus:9.0.4:mr4_build_1000:corporate_edition:*:*:*:*:*
- cpe:2.3:a:symantec:norton_internet_security:2004:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:norton_internet_security:2004:*:professional:*:*:*:*:*
- cpe:2.3:a:symantec:norton_internet_security:2005:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:norton_internet_security:3.0:*:macintosh:*:*:*:*:*
- cpe:2.3:a:symantec:norton_internet_security:2006:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:norton_internet_security:2005:*:professional:*:*:*:*:*
- cpe:2.3:a:symantec:norton_internet_security:2006:*:professional:*:*:*:*:*
- cpe:2.3:a:symantec:norton_internet_security:2005:11.5.6.14:*:*:*:*:*:*
- cpe:2.3:a:symantec:norton_internet_security:2005:11.0:*:*:*:*:*:*
- cpe:2.3:a:symantec:norton_internet_security:2005:11.0.9:*:*:*:*:*:*
- cpe:2.3:a:symantec:norton_personal_firewall:2006_9.1.0.33:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:norton_personal_firewall:2006:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:norton_personal_firewall:2006_9.1.1.7:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:norton_system_works:2004:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:norton_system_works:2006:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:norton_system_works:2005:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:norton_system_works:3.0:*:macintosh:*:*:*:*:*
- cpe:2.3:a:symantec:norton_system_works:2005:*:premier:*:*:*:*:*
- cpe:2.3:a:symantec:norton_system_works:2005:11.0:*:*:*:*:*:*
- cpe:2.3:a:symantec:norton_system_works:2005:11.0.9:*:*:*:*:*:*
- cpe:2.3:h:symantec:gateway_security_5400:2.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:antivirus_scan_engine:4.3.7.27:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:antivirus_scan_engine:4.3:*:clearswift:*:*:*:*:*
- cpe:2.3:a:symantec:antivirus_scan_engine:4.3:*:microsoft_sharepoint:*:*:*:*:*
- cpe:2.3:a:symantec:antivirus_scan_engine:4.3:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:antivirus_scan_engine:4.3:*:caching:*:*:*:*:*
- cpe:2.3:a:symantec:antivirus_scan_engine:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:antivirus_scan_engine:4.0:*:clearswift:*:*:*:*:*
- cpe:2.3:a:symantec:antivirus_scan_engine:4.3.12:*:caching:*:*:*:*:*
- cpe:2.3:a:symantec:antivirus_scan_engine:4.3.12:*:clearswift:*:*:*:*:*
- cpe:2.3:a:symantec:antivirus_scan_engine:4.3.12:*:messaging:*:*:*:*:*
- cpe:2.3:a:symantec:antivirus_scan_engine:4.3.12:*:microsoft_sharepoint:*:*:*:*:*
- cpe:2.3:a:symantec:antivirus_scan_engine:4.3:*:network_attached_storage:*:*:*:*:*
- cpe:2.3:a:symantec:antivirus_scan_engine:5.0:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:antivirus_scan_engine:4.1:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:antivirus_scan_engine:4.1.8:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:antivirus_scan_engine:4.3.12:*:network_attached_storage:*:*:*:*:*
- cpe:2.3:a:symantec:antivirus_scan_engine:4.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:antivirus_scan_engine:5.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:antivirus_scan_engine:4.3.12:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:antivirus_scan_engine:4.3.8.29:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:client_security:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:client_security:3.1:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:client_security:3.1.394:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:client_security:3.0:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:client_security:3.1.400:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:client_security:3.0.2.2010:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:client_security:3.0.2.2020:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:client_security:2.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:client_security:2.0.2_build_9.0.2.1000:mr2:*:*:*:*:*:*
- cpe:2.3:a:symantec:client_security:2.0.1_build_9.0.1.1000:mr1:*:*:*:*:*:*
- cpe:2.3:a:symantec:client_security:2.0.3_build_9.0.3.1000:mr3:*:*:*:*:*:*
- cpe:2.3:a:symantec:client_security:2.0.4:mr4_build1000:*:*:*:*:*:*
- cpe:2.3:a:symantec:client_security:3.0.1.1001:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:client_security:3.0.1.1007:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:client_security:3.0.2.2021:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:client_security:2.0.5_build_1100_mp1:mr5:*:*:*:*:*:*
- cpe:2.3:a:symantec:client_security:2.0.6:mr6:*:*:*:*:*:*
- cpe:2.3:a:symantec:client_security:3.0.1.1008:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:client_security:3.0.2.2000:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:client_security:2.0:*:scf_7.1:*:*:*:*:*
- cpe:2.3:a:symantec:client_security:2.0:build_9.0.0.338:stm:*:*:*:*:*
- cpe:2.3:a:symantec:client_security:3.0.2.2001:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:client_security:3.0.2.2002:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:client_security:3.1.396:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:client_security:3.0.0.359:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:client_security:3.0.1.1000:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:client_security:3.0.2.2011:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:client_security:3.1.401:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:brightmail_antispam:6.0:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:brightmail_antispam:6.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:brightmail_antispam:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:brightmail_antispam:5.5:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:brightmail_antispam:6.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:brightmail_antispam:6.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:brightmail_antispam:6.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:web_security:3.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:web_security:2.5:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:web_security:3.0:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:web_security:3.01.59:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:web_security:3.01.60:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:web_security:3.01.61:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:web_security:3.01.62:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:web_security:3.01.63:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:web_security:3.01.68:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:web_security:3.01.67:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:web_security:3.0.1.70:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:web_security:3.0.1.76:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:web_security:3.0.1_build_3.01.70:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:web_security:3.0.1_build_3.01.72:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:web_security:3.0.1_build_3.01.74:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:web_security:5.0:*:microsoft_isa_2004:*:*:*:*:*
- cpe:2.3:a:symantec:mail_security:4.0:*:domino:*:*:*:*:*
- cpe:2.3:a:symantec:mail_security:4.5_build_719:*:exchange:*:*:*:*:*
- cpe:2.3:a:symantec:mail_security:5.1.0:*:domino:*:*:*:*:*
- cpe:2.3:a:symantec:mail_security:4.0:*:microsoft_exchange:*:*:*:*:*
- cpe:2.3:a:symantec:mail_security:4.1:build459:microsoft_exchange:*:*:*:*:*
- cpe:2.3:a:symantec:mail_security:4.1:build461:microsoft_exchange:*:*:*:*:*
- cpe:2.3:a:symantec:mail_security:4.6.3:*:microsoft_exchange:*:*:*:*:*
- cpe:2.3:a:symantec:mail_security:4.6_build_97:*:exchange:*:*:*:*:*
- cpe:2.3:a:symantec:mail_security:4.0:build456:microsoft_exchange:*:*:*:*:*
- cpe:2.3:a:symantec:mail_security:4.0:build463:microsoft_exchange:*:*:*:*:*
- cpe:2.3:a:symantec:mail_security:4.5.4.743:*:microsoft_exchange:*:*:*:*:*
- cpe:2.3:a:symantec:mail_security:4.5:*:microsoft_exchange:*:*:*:*:*
- cpe:2.3:a:symantec:mail_security:5.0.0.204:*:microsoft_exchange:*:*:*:*:*
- cpe:2.3:a:symantec:mail_security:5.0.1:*:smtp:*:*:*:*:*
- cpe:2.3:a:symantec:mail_security:4.0:build465:microsoft_exchange:*:*:*:*:*
- cpe:2.3:a:symantec:mail_security:4.0:build736:microsoft_exchange:*:*:*:*:*
- cpe:2.3:a:symantec:mail_security:4.0:build741:microsoft_exchange:*:*:*:*:*
- cpe:2.3:a:symantec:mail_security:4.5_build_736:*:exchange:*:*:*:*:*
- cpe:2.3:a:symantec:mail_security:5.0:*:microsoft_exchange:*:*:*:*:*
- cpe:2.3:a:symantec:mail_security:5.0:*:smtp:*:*:*:*:*
- cpe:2.3:a:symantec:mail_security:4.0.1:*:domino:*:*:*:*:*
- cpe:2.3:a:symantec:mail_security:4.0:build743:microsoft_exchange:*:*:*:*:*
- cpe:2.3:a:symantec:mail_security:4.1:build458:microsoft_exchange:*:*:*:*:*
- cpe:2.3:a:symantec:mail_security:4.5_build_741:*:exchange:*:*:*:*:*
- cpe:2.3:a:symantec:mail_security:4.6.1.107:*:microsoft_exchange:*:*:*:*:*
- cpe:2.3:a:symantec:mail_security:6.0.0:*:microsoft_exchange:*:*:*:*:*
- cpe:2.3:h:symantec:gateway_security_5000_series:3.0.1:*:*:*:*:*:*:*
- cpe:2.3:h:symantec:mail_security_8820_appliance:*:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:symantec_antivirus_filtering_\+for_domino:3.0.12:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2007-0447
10.84%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 93 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2007-0447
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
9.3
|
HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C |
8.6
|
10.0
|
NIST |
CWE ids for CVE-2007-0447
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.Assigned by: nvd@nist.gov (Primary)
References for CVE-2007-0447
-
http://www.vupen.com/english/advisories/2007/2508
-
http://www.zerodayinitiative.com/advisories/ZDI-07-040.html
-
http://www.securityfocus.com/bid/24282
-
http://osvdb.org/36118
-
http://securityresponse.symantec.com/avcenter/security/Content/2007.07.11f.html
Patch
-
http://secunia.com/advisories/26053
Vendor Advisory
Jump to