CVE-2002-1777

Published: Dec 31, 2002Modified: Apr 16, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

NOTE: this issue has been disputed by the vendor. Symantec Norton AntiVirus (NAV) 2002 allows remote attackers to bypass e-mail scanning via a filename in the Content-Type field with an excluded extension such as .nch or .dbx, but a malicious extension in the Content-Disposition field, which is used by Outlook to obtain the file name. NOTE: the vendor has disputed this issue, acknowledging that the initial scan is bypassed, but Norton AntiVirus or the Office plug-in would detect the virus before it is executed

Affected (1)

Products: Symantec: Norton Antivirus

1 product

Norton Antivirus

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Symantec Norton Antivirus	Version 2002

References (8)

http://online.securityfocus.com/archive/1/260271

Source: cve@mitre.org

http://online.securityfocus.com/archive/1/260678

Source: cve@mitre.org

http://www.securityfocus.com/bid/4246

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/8392

Source: cve@mitre.org

http://online.securityfocus.com/archive/1/260271

Source: af854a3a-2127-422b-91ae-364da2661108

http://online.securityfocus.com/archive/1/260678

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/4246

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/8392

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.