CVE-2008-0313
Symantec Norton Products - Remote Code Execution via ActiveDataInfo.LaunchProcess Method
Title source: llmDescription
The ActiveDataInfo.LaunchProcess method in the SymAData.ActiveDataInfo.1 ActiveX control 2.7.0.1 in SYMADATA.DLL in multiple Symantec Norton products including Norton 360 1.0, AntiVirus 2006 through 2008, Internet Security 2006 through 2008, and System Works 2006 through 2008, does not properly determine the location of the AutoFix Tool, which allows remote attackers to execute arbitrary code via a remote (1) WebDAV or (2) SMB share.
References (9)
Core 9
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1019753
Various Sources x_refsource_confirm
http://securityresponse.symantec.com/avcenter/security/Content/2008.04.02a.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1019751
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1019752
Patch, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/29660
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2008/1077/references
Third Party Advisory third-party-advisory
x_refsource_idefense
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=678
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/41631
Patch vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/28509
Scores
EPSS
0.0622
EPSS Percentile
91.0%
Details
Status
published
Products (10)
symantec/norton_360
1.0
symantec/norton_antivirus
2006
symantec/norton_antivirus
2007
symantec/norton_antivirus
2008
symantec/norton_internet_security
2006
symantec/norton_internet_security
2007
symantec/norton_internet_security
2008
symantec/system_works
2006
symantec/system_works
2007
symantec/system_works
2008
Published
Apr 08, 2008
Tracked Since
Feb 18, 2026