CVE-2009-1432

Published: Apr 30, 2009Modified: Apr 23, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

Symantec Reporting Server, as used in Symantec AntiVirus (SAV) Corporate Edition 10.1 before 10.1 MR8 and 10.2 before 10.2 MR2, Symantec Client Security (SCS) before 3.1 MR8, and the Symantec Endpoint Protection Manager (SEPM) component in Symantec Endpoint Protection (SEP) before 11.0 MR2, allows remote attackers to inject arbitrary text into the login screen, and possibly conduct phishing attacks, via vectors involving a URL that is not properly handled.

Affected (8)

Products: Symantec: Antivirus, Client Security, Endpoint Protection

3 products

Client Security

Endpoint Protection

Configuration A

8 vulnerable

Vulnerable Software	Affected Versions
Symantec Antivirus	Version 10.1
Symantec Antivirus	Version 10.1 maintenance_release7
Symantec Antivirus	Version 10.2
Symantec Antivirus	Version 10.2 maintenance_release1
Symantec Client Security	Version 3.1
Symantec Client Security	Version 3.1 maintenance_release7
Symantec Endpoint Protection	Version 11.0
Symantec Endpoint Protection	Version 11.0 maintenance_release1

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (20)

http://secunia.com/advisories/34856

Source: cve@mitre.org

Third Party Advisory

http://secunia.com/advisories/34935

Source: cve@mitre.org

Third Party Advisory

http://securitytracker.com/id?1022136

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

http://securitytracker.com/id?1022137

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

http://securitytracker.com/id?1022138

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

http://www.securityfocus.com/bid/34668

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090428_00

Source: cve@mitre.org

Vendor Advisory

http://www.vupen.com/english/advisories/2009/1202

Source: cve@mitre.org

Third Party Advisory

http://www.vupen.com/english/advisories/2009/1204

Source: cve@mitre.org

Third Party Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/50172

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

http://secunia.com/advisories/34856

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://secunia.com/advisories/34935

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://securitytracker.com/id?1022136

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://securitytracker.com/id?1022137

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://securitytracker.com/id?1022138

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://www.securityfocus.com/bid/34668

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090428_00

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.vupen.com/english/advisories/2009/1202

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://www.vupen.com/english/advisories/2009/1204

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/50172

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

Timeline

No history available yet.