Norton Antivirus

norton_antivirus

Vendor: Symantec • 67 CVEs

CVEs (67)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2007-3771 1Symantec 2Client Security Norton Antivirus Apr 23, 2026 Jul 15, 2007 N/A· v4 N/A· v3 4.6 MEDIUM· v2 Stack-based buffer overflow in the Internet E-mail Auto-Protect feature in Symantec AntiVirus Corporate Edition before 10.1, and Client Security before 3.1, allows local users to cause a denial of service (service crash)...Show more Stack-based buffer overflow in the Internet E-mail Auto-Protect feature in Symantec AntiVirus Corporate Edition before 10.1, and Client Security before 3.1, allows local users to cause a denial of service (service crash) via a long (1) To, (2) From, or (3) Subject header in an outbound SMTP e-mail message. NOTE: the original vendor advisory referenced CVE-2006-3456, but this was an error.Show less
CVE-2007-3673 1Symantec 6Client Security Norton AntispamNorton Antivirus+3 more Apr 23, 2026 Jul 15, 2007 N/A· v4 N/A· v3 6.9 MEDIUM· v2 Symantec symtdi.sys before 7.0.0, as distributed in Symantec AntiVirus Corporate Edition 9 through 10.1 and Client Security 2.0 through 3.1, Norton AntiSpam 2005, and Norton AntiVirus, Internet Security, Personal Firewal...Show more Symantec symtdi.sys before 7.0.0, as distributed in Symantec AntiVirus Corporate Edition 9 through 10.1 and Client Security 2.0 through 3.1, Norton AntiSpam 2005, and Norton AntiVirus, Internet Security, Personal Firewall, and System Works 2005 and 2006; allows local users to gain privileges via a crafted Interrupt Request Packet (Irp) in an IOCTL 0x83022323 request to \\symTDI\, which results in memory overwrite.Show less
CVE-2007-3095 1Symantec 3Client Security Norton AntivirusReporting Server Apr 23, 2026 Jun 6, 2007 N/A· v4 N/A· v3 9.0 HIGH· v2 Unspecified vulnerability in Symantec Reporting Server 1.0.197.0, and other versions before 1.0.224.0, as used in Symantec Client Security 3.1 and later, and Symantec AntiVirus Corporate Edition (SAV CE) 10.1 and later,...Show more Unspecified vulnerability in Symantec Reporting Server 1.0.197.0, and other versions before 1.0.224.0, as used in Symantec Client Security 3.1 and later, and Symantec AntiVirus Corporate Edition (SAV CE) 10.1 and later, allows attackers to "disable the authentication system" and bypass authentication via unknown vectors.Show less
CVE-2007-3022 1Symantec 3Client Security Norton AntivirusReporting Server Apr 23, 2026 Jun 5, 2007 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Symantec Reporting Server 1.0.197.0, and other versions before 1.0.224.0, as used in Symantec Client Security 3.1 and later, and Symantec AntiVirus Corporate Edition (SAV CE) 10.1 and later, displays the password hash fo...Show more Symantec Reporting Server 1.0.197.0, and other versions before 1.0.224.0, as used in Symantec Client Security 3.1 and later, and Symantec AntiVirus Corporate Edition (SAV CE) 10.1 and later, displays the password hash for a user after a failed login attempt, which makes it easier for remote attackers to conduct brute force attacks.Show less
CVE-2007-3021 1Symantec 3Client Security Norton AntivirusReporting Server Apr 23, 2026 Jun 5, 2007 N/A· v4 N/A· v3 7.5 HIGH· v2 Symantec Reporting Server 1.0.197.0, and other versions before 1.0.224.0, as used in Symantec Client Security 3.1 and later, and Symantec AntiVirus Corporate Edition (SAV CE) 10.1 and later, does not initialize a critica...Show more Symantec Reporting Server 1.0.197.0, and other versions before 1.0.224.0, as used in Symantec Client Security 3.1 and later, and Symantec AntiVirus Corporate Edition (SAV CE) 10.1 and later, does not initialize a critical variable, which allows attackers to create arbitrary executable files via unknown manipulations of a file that is created during data export.Show less
CVE-2006-3456 1Symantec 3Norton Antivirus Norton Internet SecurityNorton System Works Apr 23, 2026 May 11, 2007 N/A· v4 N/A· v3 8.5 HIGH· v2 The Symantec NAVOPTS.DLL ActiveX control (aka Symantec.Norton.AntiVirus.NAVOptions) 12.2.0.13, as used in Norton AntiVirus, Internet Security, and System Works 2005 and 2006, is designed for use only in application-embed...Show more The Symantec NAVOPTS.DLL ActiveX control (aka Symantec.Norton.AntiVirus.NAVOptions) 12.2.0.13, as used in Norton AntiVirus, Internet Security, and System Works 2005 and 2006, is designed for use only in application-embedded web browsers, which allows remote attackers to "crash the control" via unspecified vectors related to content on a web site, and place Internet Explorer into a "defunct state" in which remote attackers can execute arbitrary code in addition to other Symantec ActiveX controls, regardless of whether they are marked safe for scripting. NOTE: this CVE was inadvertently used for an E-mail Auto-Protect issue, but that issue has been assigned CVE-2007-3771.Show less
CVE-2007-1793 1Symantec 8Antivirus Client SecurityNorton 360+5 more Apr 23, 2026 Apr 2, 2007 N/A· v4 N/A· v3 4.9 MEDIUM· v2 SPBBCDrv.sys in Symantec Norton Personal Firewall 2006 9.1.0.33 and 9.1.1.7 does not validate certain arguments before being passed to hooked SSDT function handlers, which allows local users to cause a denial of service...Show more SPBBCDrv.sys in Symantec Norton Personal Firewall 2006 9.1.0.33 and 9.1.1.7 does not validate certain arguments before being passed to hooked SSDT function handlers, which allows local users to cause a denial of service (crash) or possibly execute arbitrary code via crafted arguments to the (1) NtCreateMutant and (2) NtOpenEvent functions. NOTE: it was later reported that Norton Internet Security 2008 15.0.0.60, and possibly other versions back to 2006, are also affected.Show less
CVE-2007-1476 1Symantec 6Client Security Norton AntispamNorton Antivirus+3 more Apr 23, 2026 Mar 16, 2007 N/A· v4 N/A· v3 1.9 LOW· v2 The SymTDI device driver (SYMTDI.SYS) in Symantec Norton Personal Firewall 2006 9.1.1.7 and earlier, Internet Security 2005 and 2006, AntiVirus Corporate Edition 3.0.x through 10.1.x, and other Norton products, allows lo...Show more The SymTDI device driver (SYMTDI.SYS) in Symantec Norton Personal Firewall 2006 9.1.1.7 and earlier, Internet Security 2005 and 2006, AntiVirus Corporate Edition 3.0.x through 10.1.x, and other Norton products, allows local users to cause a denial of service (system crash) by sending crafted data to the driver's \Device file, which triggers invalid memory access, a different vulnerability than CVE-2006-4855.Show less
CVE-2006-6490 2Supportsoft Symantec 6Automated Support Assistant Norton AntivirusNorton Internet Security+3 more Apr 23, 2026 Feb 22, 2007 N/A· v4 N/A· v3 10.0 HIGH· v2 Multiple buffer overflows in the SupportSoft (1) SmartIssue (tgctlsi.dll) and (2) ScriptRunner (tgctlsr.dll) ActiveX controls, as used by Symantec Automated Support Assistant and Norton AntiVirus, Internet Security, and...Show more Multiple buffer overflows in the SupportSoft (1) SmartIssue (tgctlsi.dll) and (2) ScriptRunner (tgctlsr.dll) ActiveX controls, as used by Symantec Automated Support Assistant and Norton AntiVirus, Internet Security, and System Works 2006, allows remote attackers to execute arbitrary code via a crafted HTML message.Show less
CVE-2006-3455 1Symantec 2Client Security Norton Antivirus Apr 23, 2026 Oct 23, 2006 N/A· v4 N/A· v3 4.3 MEDIUM· v2 The SAVRT.SYS device driver, as used in Symantec AntiVirus Corporate Edition 8.1 and 9.0.x up to 9.0.3, and Symantec Client Security 1.1 and 2.0.x up to 2.0.3, allows local users to execute arbitrary code via a modified...Show more The SAVRT.SYS device driver, as used in Symantec AntiVirus Corporate Edition 8.1 and 9.0.x up to 9.0.3, and Symantec Client Security 1.1 and 2.0.x up to 2.0.3, allows local users to execute arbitrary code via a modified address for the output buffer argument to the DeviceIOControl function.Show less
CVE-2006-5404 1Symantec 4Automated Support Assistant Norton AntivirusNorton Internet Security+1 more Apr 23, 2026 Oct 19, 2006 N/A· v4 N/A· v3 2.6 LOW· v2 Unspecified vulnerability in an ActiveX control used in Symantec Automated Support Assistant, as used in Norton AntiVirus, Internet Security, and System Works 2005 and 2006, allows user-assisted remote attackers to obtai...Show more Unspecified vulnerability in an ActiveX control used in Symantec Automated Support Assistant, as used in Norton AntiVirus, Internet Security, and System Works 2005 and 2006, allows user-assisted remote attackers to obtain sensitive information via unspecified vectors.Show less
CVE-2006-5403 1Symantec 4Automated Support Assistant Norton AntivirusNorton Internet Security+1 more Apr 23, 2026 Oct 19, 2006 N/A· v4 N/A· v3 5.1 MEDIUM· v2 Stack-based buffer overflow in an ActiveX control used in Symantec Automated Support Assistant, as used in Norton AntiVirus, Internet Security, and System Works 2005 and 2006, allows user-assisted remote attackers to cau...Show more Stack-based buffer overflow in an ActiveX control used in Symantec Automated Support Assistant, as used in Norton AntiVirus, Internet Security, and System Works 2005 and 2006, allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.Show less
CVE-2006-4855 1Symantec 7Client Security Host IdsNorton Antivirus+4 more Apr 16, 2026 Sep 19, 2006 N/A· v4 N/A· v3 4.9 MEDIUM· v2 The \Device\SymEvent driver in Symantec Norton Personal Firewall 2006 9.1.0.33, and other versions of Norton Personal Firewall, Internet Security, AntiVirus, SystemWorks, Symantec Client Security SCS 1.x, 2.x, 3.0, and 3...Show more The \Device\SymEvent driver in Symantec Norton Personal Firewall 2006 9.1.0.33, and other versions of Norton Personal Firewall, Internet Security, AntiVirus, SystemWorks, Symantec Client Security SCS 1.x, 2.x, 3.0, and 3.1, Symantec AntiVirus Corporate Edition SAVCE 8.x, 9.x, 10.0, and 10.1, Symantec pcAnywhere 11.5 only, and Symantec Host, allows local users to cause a denial of service (system crash) via invalid data, as demonstrated by calling DeviceIoControl to send the data.Show less
CVE-2006-4802 1Symantec 2Client Security Norton Antivirus Apr 16, 2026 Sep 14, 2006 N/A· v4 N/A· v3 4.6 MEDIUM· v2 Format string vulnerability in the Real Time Virus Scan service in Symantec AntiVirus Corporate Edition 8.1 up to 10.0, and Client Security 1.x up to 3.0, allows local users to execute arbitrary code via an unspecified v...Show more Format string vulnerability in the Real Time Virus Scan service in Symantec AntiVirus Corporate Edition 8.1 up to 10.0, and Client Security 1.x up to 3.0, allows local users to execute arbitrary code via an unspecified vector related to alert notification messages, a different vector than CVE-2006-3454, a "second format string vulnerability" as found by the vendor.Show less
CVE-2006-3454 1Symantec 2Client Security Norton Antivirus Apr 16, 2026 Sep 14, 2006 N/A· v4 N/A· v3 7.2 HIGH· v2 Multiple format string vulnerabilities in Symantec AntiVirus Corporate Edition 8.1 up to 10.0, and Client Security 1.x up to 3.0, allow local users to execute arbitrary code via format strings in (1) Tamper Protection an...Show more Multiple format string vulnerabilities in Symantec AntiVirus Corporate Edition 8.1 up to 10.0, and Client Security 1.x up to 3.0, allow local users to execute arbitrary code via format strings in (1) Tamper Protection and (2) Virus Alert Notification messages.Show less
CVE-2006-2630 1Symantec 2Client Security Norton Antivirus Apr 16, 2026 May 27, 2006 N/A· v4 N/A· v3 10.0 HIGH· v2 Stack-based buffer overflow in Symantec Antivirus 10.1 and Client Security 3.1 allows remote attackers to execute arbitrary code via unknown attack vectors.
CVE-2006-1836 1Symantec 6Liveupdate Norton AntivirusNorton Internet Security+3 more Apr 16, 2026 Apr 19, 2006 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Untrusted search path vulnerability in unspecified components in Symantec LiveUpdate for Macintosh 3.0.0 through 3.5.0 do not set the execution path, which allows local users to gain privileges via a Trojan horse program...Show more Untrusted search path vulnerability in unspecified components in Symantec LiveUpdate for Macintosh 3.0.0 through 3.5.0 do not set the execution path, which allows local users to gain privileges via a Trojan horse program.Show less
CVE-2005-3270 1Symantec 1Norton Antivirus Apr 16, 2026 Oct 21, 2005 N/A· v4 N/A· v3 7.2 HIGH· v2 Untrusted search path vulnerability in DiskMountNotify for Symantec Norton AntiVirus 9.0.3 allows local users to gain privileges by modifying the PATH to reference a malicious (1) ps or (2) grep file.
CVE-2005-2759 1Symantec 1Norton Antivirus Apr 16, 2026 Oct 20, 2005 N/A· v4 N/A· v3 7.2 HIGH· v2 SPLIT The jlucaller program in LiveUpdate for Symantec Norton AntiVirus 9.0.3 on Macintosh runs setuid when executing Java programs, which allows local users to gain privileges. NOTE: due to a CNA error, this cand...Show more SPLIT The jlucaller program in LiveUpdate for Symantec Norton AntiVirus 9.0.3 on Macintosh runs setuid when executing Java programs, which allows local users to gain privileges. NOTE: due to a CNA error, this candidate was also originally assigned to an issue in DiskMountNotify. Use CVE-2005-3270 for the DiskMountNotify issue, and CVE-2005-2759 for the LiveUpdate issue.Show less
CVE-2005-2766 1Symantec 1Norton Antivirus Apr 16, 2026 Sep 2, 2005 N/A· v4 N/A· v3 2.1 LOW· v2 Symantec AntiVirus Corporate Edition 9.0.1.x and 9.0.4.x, and possibly other versions, when obtaining updates from an internal LiveUpdate server, stores sensitive information in cleartext in the Log.Liveupdate log file,...Show more Symantec AntiVirus Corporate Edition 9.0.1.x and 9.0.4.x, and possibly other versions, when obtaining updates from an internal LiveUpdate server, stores sensitive information in cleartext in the Log.Liveupdate log file, which allows attackers to obtain the username and password to the internal LiveUpdate server.Show less

Previous 123 4 Next