ZeroBox Vulnerability Database

漏洞起因
边界条件错误
危险等级
中
 
影响系统
Symantec Endpoint Protection 11.0.4010 .26 (MR4-MP1a)
Symantec Endpoint Protection 11.0.4010 .19 (MR4-MP1)
Symantec Endpoint Protection 11.0.4000 2295
Symantec Endpoint Protection 11.0.4000 .2295 (MR4)
Symantec Endpoint Protection 11.0.4000
Symantec Endpoint Protection 11.0.3001 .2224 (MR3)
Symantec Endpoint Protection 11.0.2020 .56 (MR2-MP2)
Symantec Endpoint Protection 11.0.2010 .25 (MR2-MP1)
Symantec Endpoint Protection 11.0.2001 .10 (MR2-PP1)
Symantec Endpoint Protection 11.0.2000 .1567 (MR2)
Symantec Endpoint Protection 11.0.1005 .1428 (MR1-PP5)
Symantec Endpoint Protection 11.0.1002 .1378 (MR1-PP2)
Symantec Endpoint Protection 11.0.1000 .1375 (MR1)
Symantec Endpoint Protection 11.0.781 .1287 (STM-PP1)
Symantec Endpoint Protection 11.0.780 .1109 (STM)
Symantec Endpoint Protection 11.0.4202.75
Symantec Endpoint Protection 11.0 MR3
Symantec Endpoint Protection 11.0 MR2
Symantec Endpoint Protection 11.0 MR1
Symantec Endpoint Protection 11.0
Symantec Client Security 3.1.4 MR4 MP1 – build 4010
Symantec Client Security 3.1.4 .4000 (MR4)
Symantec Client Security 3.1 .401
Symantec Client Security 3.1 .400
Symantec Client Security 3.1 .396
Symantec Client Security 3.1 .394
Symantec Client Security 3.0.2 .2021
Symantec Client Security 3.0.2 .2020
Symantec Client Security 3.0.2 .2011
Symantec Client Security 3.0.2 .2010
Symantec Client Security 3.0.2 .2002
Symantec Client Security 3.0.2 .2001
Symantec Client Security 3.0.2 .2000
Symantec Client Security 3.0.1 .1009 (MR1-PP9)
Symantec Client Security 3.0.1 .1003 (MR1-PP2)
Symantec Client Security 3.1 MR9
Symantec Client Security 3.1 MR8
Symantec Client Security 3.1 MR7
Symantec Client Security 3.1 MR6 MP1
Symantec Client Security 3.1 MR6
Symantec Client Security 3.1
Symantec Client Security 3.0.1.1008
Symantec Client Security 3.0.1.1007
Symantec Client Security 3.0.1.1001
Symantec Client Security 3.0.1.1000
Symantec Client Security 3.0.0.359
Symantec AntiVirus for Macintosh 10.0
Symantec AntiVirus for Macintosh 10.2
Symantec AntiVirus for Macintosh 10.1
Symantec AntiVirus for Macintosh 10.0
Symantec AntiVirus Corporate Edition 10.2.1 .1000 (MR1)
Symantec AntiVirus Corporate Edition 10.2 .313 (STM-PP1)
Symantec AntiVirus Corporate Edition 10.2 .298 (STM 64-bit)
Symantec AntiVirus Corporate Edition 10.2 .276 (STM 32-bit)
Symantec AntiVirus Corporate Edition 10.1.7 .7000 (MR7)
Symantec AntiVirus Corporate Edition 10.1.6 .6010 (MR6-MP1)
Symantec AntiVirus Corporate Edition 10.1.5 .5010 (MR5-MP1)
Symantec AntiVirus Corporate Edition 10.1.5 .5001 (MR5-PP1)
Symantec AntiVirus Corporate Edition 10.1.5 .5000 (MR5)
Symantec AntiVirus Corporate Edition 10.1.4 MR4 MP1 – build 4010
Symantec AntiVirus Corporate Edition 10.1.4 .4000 (MR4)
Symantec AntiVirus Corporate Edition 10.1.4
Symantec AntiVirus Corporate Edition 10.1 .401
Symantec AntiVirus Corporate Edition 10.1 .400
Symantec AntiVirus Corporate Edition 10.1 .396
Symantec AntiVirus Corporate Edition 10.1 .394
Symantec AntiVirus Corporate Edition 10.0.2 .2021
Symantec AntiVirus Corporate Edition 10.0.2 .2020
Symantec AntiVirus Corporate Edition 10.0.2 .2011
Symantec AntiVirus Corporate Edition 10.0.2 .2010
Symantec AntiVirus Corporate Edition 10.0.2 .2010
Symantec AntiVirus Corporate Edition 10.0.2 .2002
Symantec AntiVirus Corporate Edition 10.0.2 .2001
Symantec AntiVirus Corporate Edition 10.0.2 .2000
Symantec AntiVirus Corporate Edition 10.0.1 .1009 (MR1-PP9)
Symantec AntiVirus Corporate Edition 10.0.1 .1003 (MR1-PP2)
Symantec AntiVirus Corporate Edition 10.0.1 .1001 (MR1-PP1)
Symantec AntiVirus Corporate Edition 10.0
Symantec AntiVirus Corporate Edition 10.2 MR3
Symantec AntiVirus Corporate Edition 10.2 MR2
Symantec AntiVirus Corporate Edition 10.2 MR1
Symantec AntiVirus Corporate Edition 10.2
Symantec AntiVirus Corporate Edition 10.1.6.6000
Symantec AntiVirus Corporate Edition 10.1.6.600
Symantec AntiVirus Corporate Edition 10.1.4.4010
Symantec AntiVirus Corporate Edition 10.1 MR8
Symantec AntiVirus Corporate Edition 10.1 MR7
Symantec AntiVirus Corporate Edition 10.1 MR6 MP1
Symantec AntiVirus Corporate Edition 10.1 MR6
Symantec AntiVirus Corporate Edition 10.1
Symantec AntiVirus Corporate Edition 10.0.2.2000
Symantec AntiVirus Corporate Edition 10.0.1.1008
Symantec AntiVirus Corporate Edition 10.0.1.1007
Symantec AntiVirus Corporate Edition 10.0.1.1000
Symantec AntiVirus Corporate Edition 10.0.0.359
 
不受影响系统
 
危害
远程攻击者可利用漏洞绕过扫描进行攻击。
 
攻击所需条件
攻击者必须访问Symantec AntiVirus/Symantec Endpoint Protection。
 
漏洞信息
Symantec AntiVirus是一款防病毒应用程序，Symantec Endpoint Protection是一款赛门铁克企业级防病毒产品。
Symantec AntiVirus/Symantec Endpoint Protection按需扫描功能存在未明错误，通过其他拒绝读取访问Symantec AntiVirus或Symantec Enterprise Protection的实体可绕过扫描。
要成功利用漏洞需要应用程序的篡改保护已禁用，攻击者可以传递部分事件给应用程序。
 
测试方法
 
厂商解决方案
用户可参考如下供应商提供的安全补丁：
http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20100217_00
 
漏洞提供者
Jeffrey Walton