CVE-2004-1910

Symantec Virus Detection - Denial of Service via Long String to GetPrivateProfileString

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2004-1910. PoCs published by Rafel Ivgi The-Insider.

AI-analyzed exploit summary This exploit demonstrates a denial of service (DoS) vulnerability in the Symantec.SymVAFileQuery.1 COM object by passing excessive data, causing the browser to crash. The PoC uses VBScript to invoke the vulnerable object with a large string of 'a' characters.

Description

rufsi.dll in Symantec Virus Detection allows remote attackers to cause a denial of service (crash) via a long string to the GetPrivateProfileString function. NOTE: this issue was originally reported as a buffer overflow, but that specific claim is disputed by the vendor, although a crash is acknowledged.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Rafel Ivgi The-Insider · textdoswindows

https://www.exploit-db.com/exploits/23919

View Code ZIP pw:eip

This exploit demonstrates a denial of service (DoS) vulnerability in the Symantec.SymVAFileQuery.1 COM object by passing excessive data, causing the browser to crash. The PoC uses VBScript to invoke the vulnerable object with a large string of 'a' characters.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: Symantec Virus Detection (Symantec.SymVAFileQuery.1 COM object)

No auth needed

Prerequisites: User must navigate to a malicious page or have the vulnerable COM object installed via Symantec Virus Detection service

MITRE ATT&CK