CVE-2010-0108

Symantec AntiVirus - Buffer Overflow via SetRemoteComputerName Function

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-0108. PoCs published by Alexander Polyakov.

AI-analyzed exploit summary This exploit targets a buffer overflow vulnerability in the Symantec Client Proxy ActiveX control. It uses a VBScript to pass an overly long string to the 'SetRemoteComputerName' method, potentially leading to arbitrary code execution in the context of Internet Explorer.

Description

Buffer overflow in the cliproxy.objects.1 ActiveX control in the Symantec Client Proxy (CLIproxy.dll) in Symantec AntiVirus 10.0.x, 10.1.x before MR9, and 10.2.x before MR4; and Symantec Client Security 3.0.x and 3.1.x before MR9 allows remote attackers to execute arbitrary code via a long argument to the SetRemoteComputerName function.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Alexander Polyakov · htmlremotewindows

https://www.exploit-db.com/exploits/33642

View Code ZIP pw:eip

This exploit targets a buffer overflow vulnerability in the Symantec Client Proxy ActiveX control. It uses a VBScript to pass an overly long string to the 'SetRemoteComputerName' method, potentially leading to arbitrary code execution in the context of Internet Explorer.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Symantec AntiVirus 10.0.x, 10.1.x prior to 10.1 MR9, 10.2.x prior to 10.2 MR4; Symantec Client Security 3.0.x, 3.1.x prior to 3.1 MR9

No auth needed

Prerequisites: Victim must visit a malicious webpage or open a malicious HTML file · ActiveX control must be enabled in the browser

MITRE ATT&CK