Description
Symantec Reporting Server 1.0.197.0, and other versions before 1.0.224.0, as used in Symantec Client Security 3.1 and later, and Symantec AntiVirus Corporate Edition (SAV CE) 10.1 and later, does not initialize a critical variable, which allows attackers to create arbitrary executable files via unknown manipulations of a file that is created during data export.
References (7)
Core 7
Core References
Patch, Vendor Advisory x_refsource_confirm
http://www.symantec.com/avcenter/security/Content/2007.06.05a.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/24313
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/36109
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1018196
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2007/2074
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/34744
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/25543
Scores
EPSS
0.0103
EPSS Percentile
77.6%
Details
Status
published
Products (11)
symantec/client_security
3.1
symantec/client_security
3.1.394
symantec/client_security
3.1.396
symantec/client_security
3.1.400
symantec/client_security
3.1.401
symantec/norton_antivirus
10.0.2.2021
symantec/norton_antivirus
10.1
symantec/norton_antivirus
10.1.396
symantec/norton_antivirus
10.1.400
symantec/norton_antivirus
10.1.401
... and 1 more
Published
Jun 05, 2007
Tracked Since
Feb 18, 2026