Skip to main content

Symantec Products Client Proxy Remote Buffer Overflow Vulnerability

Last Update Date: 28 Jan 2011 Release Date: 19 Feb 2010 5328 Views

RISK: Medium Risk

A vulnerability has been identified in various Symantec products, which could be exploited by remote attackers to compromise an affected system. This issue is caused by a buffer overflow error in the Client Proxy "CLIproxy.dll" ActiveX control when processing user-supplied data, which could be exploited by remote attackers to execute arbitrary code by tricking a user into visiting a specially crafted web page.


Impact

  • Remote Code Execution

System / Technologies affected

  • Symantec AntiVirus versions 10.0.x
  • Symantec AntiVirus versions 10.1.x
  • Symantec AntiVirus versions 10.2.x
  • Symantec Client Security versions 3.0.x
  • Symantec Client Security versions 3.1.x

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

  • Symantec AntiVirus - Upgrade to version 10.1 MR9 or 10.2 MR4
  • Symantec Client Security - Upgrade to version 3.1 MR9


Vulnerability Identifier


Source