CVE-2008-0312
Symantec Norton Products - Stack-Based Buffer Overflow via AutoFix Support Tool ActiveX Control
Title source: llmDescription
Stack-based buffer overflow in the AutoFix Support Tool ActiveX control 2.7.0.1 in SYMADATA.DLL in multiple Symantec Norton products, including Norton 360 1.0, AntiVirus 2006 through 2008, Internet Security 2006 through 2008, and System Works 2006 through 2008, allows remote attackers to execute arbitrary code via a long argument to the GetEventLogInfo method. NOTE: some of these details are obtained from third party information.
References (9)
Core 9
Core References
Patch vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1019753
Patch x_refsource_confirm
http://securityresponse.symantec.com/avcenter/security/Content/2008.04.02a.html
Patch vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1019751
Patch vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1019752
Patch, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/29660
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2008/1077/references
Patch vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/28507
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/41629
Third Party Advisory third-party-advisory
x_refsource_idefense
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=677
Scores
EPSS
0.1833
EPSS Percentile
95.3%
Details
CWE
CWE-119
Status
published
Products (10)
symantec/norton_360
1.0
symantec/norton_antivirus
2006
symantec/norton_antivirus
2007
symantec/norton_antivirus
2008
symantec/norton_internet_security
2006
symantec/norton_internet_security
2007
symantec/norton_internet_security
2008
symantec/norton_system_works
2006
symantec/norton_system_works
2007
symantec/norton_system_works
2008
Published
Apr 08, 2008
Tracked Since
Feb 18, 2026