CVE-2007-3771
Symantec Client Security < 3.1 - Denial of Service via Long SMTP Header
Title source: llmDescription
Stack-based buffer overflow in the Internet E-mail Auto-Protect feature in Symantec AntiVirus Corporate Edition before 10.1, and Client Security before 3.1, allows local users to cause a denial of service (service crash) via a long (1) To, (2) From, or (3) Subject header in an outbound SMTP e-mail message. NOTE: the original vendor advisory referenced CVE-2006-3456, but this was an error.
References (8)
Core 8
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1018371
Patch, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/26036
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1018367
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/35354
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2007/2506
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/24802
Various Sources x_refsource_confirm
http://securityresponse.symantec.com/avcenter/security/Content/2007.07.11b.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/36115
Scores
EPSS
0.0006
EPSS Percentile
17.3%
Details
Status
published
Products (32)
symantec/client_security
2.0
symantec/client_security
3.0
symantec/client_security
3.0.1.1000
symantec/client_security
3.0.1.1007
symantec/client_security
3.0.1.1009
symantec/client_security
3.0.2
symantec/client_security
3.0.2.2000
symantec/client_security
3.0.2.2001
symantec/client_security
3.0.2.2002
symantec/client_security
3.0.2.2011
... and 22 more
Published
Jul 15, 2007
Tracked Since
Feb 18, 2026