CVE-2007-3800 - OpenCVE

Unspecified vulnerability in the Real-time scanner (RTVScan) component in Symantec AntiVirus Corporate Edition 9.0 through 10.1 and Client Security 2.0 through 3.1, when the Notification Message window is enabled, allows local users to gain privileges via crafted code.

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity High

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:H/Au:S/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Symantec	Norton Antivirus Client Security

Configuration 1 [-]

OR	cpe:2.3:a:symantec:client_security::::::::
	cpe:2.3:a:symantec:client_security:2.0:::::::*
	cpe:2.3:a:symantec:client_security:2.1:::::::*
	cpe:2.3:a:symantec:norton_antivirus:::corporate:::::*
	cpe:2.3:a:symantec:norton_antivirus:9.0::corporate:::::
	cpe:2.3:a:symantec:norton_antivirus:10.0::corporate:::::

References

Link	Resource
http://osvdb.org/36116
http://secunia.com/advisories/26054	Vendor Advisory
http://securityresponse.symantec.com/avcenter/security/Content/2007.07.11c.html
http://www.securityfocus.com/bid/24810
http://www.vupen.com/english/advisories/2007/2506
https://exchange.xforce.ibmcloud.com/vulnerabilities/35352

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2007-07-16T23:00:00

Updated: 2017-07-28T12:57:01

Reserved: 2007-07-16T00:00:00

Link: CVE-2007-3800

JSON object: View

NVD Information

Status : Modified

Published: 2007-07-16T23:30:00.000

Modified: 2017-07-29T01:32:32.753

Link: CVE-2007-3800

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-07-12T00:00:00", "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in the Real-time scanner (RTVScan) component in Symantec AntiVirus Corporate Edition 9.0 through 10.1 and Client Security 2.0 through 3.1, when the Notification Message window is enabled, allows local users to gain privileges via crafted code."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "symantec-antivirus-rtv-privilege-escalation(35352)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35352"}, {"name": "24810", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/24810"}, {"name": "26054", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/26054"}, {"name": "ADV-2007-2506", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/2506"}, {"name": "36116", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/36116"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://securityresponse.symantec.com/avcenter/security/Content/2007.07.11c.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-3800", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Unspecified vulnerability in the Real-time scanner (RTVScan) component in Symantec AntiVirus Corporate Edition 9.0 through 10.1 and Client Security 2.0 through 3.1, when the Notification Message window is enabled, allows local users to gain privileges via crafted code."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "symantec-antivirus-rtv-privilege-escalation(35352)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35352"}, {"name": "24810", "refsource": "BID", "url": "http://www.securityfocus.com/bid/24810"}, {"name": "26054", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26054"}, {"name": "ADV-2007-2506", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/2506"}, {"name": "36116", "refsource": "OSVDB", "url": "http://osvdb.org/36116"}, {"name": "http://securityresponse.symantec.com/avcenter/security/Content/2007.07.11c.html", "refsource": "CONFIRM", "url": "http://securityresponse.symantec.com/avcenter/security/Content/2007.07.11c.html"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-3800", "datePublished": "2007-07-16T23:00:00", "dateReserved": "2007-07-16T00:00:00", "dateUpdated": "2017-07-28T12:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:symantec:client_security:*:*:*:*:*:*:*:*", "matchCriteriaId": "0E45E229-0B88-43A6-9888-054520F87EA0", "versionEndIncluding": "3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:symantec:client_security:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "0DDD0E02-306D-4675-B73A-2C2F619CDDCF", "vulnerable": true}, {"criteria": "cpe:2.3:a:symantec:client_security:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "5324D40A-76EA-4CC4-A1B1-971069A4E161", "vulnerable": true}, {"criteria": "cpe:2.3:a:symantec:norton_antivirus:*:*:corporate:*:*:*:*:*", "matchCriteriaId": "34A605C6-2412-469D-BCF3-518BEAD90579", "versionEndIncluding": "10.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:symantec:norton_antivirus:9.0:*:corporate:*:*:*:*:*", "matchCriteriaId": "D9E85FD6-9E89-4497-854C-60A20639CE52", "vulnerable": true}, {"criteria": "cpe:2.3:a:symantec:norton_antivirus:10.0:*:corporate:*:*:*:*:*", "matchCriteriaId": "CAC5389A-8B18-40C4-A3E0-E50B6AA724FC", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in the Real-time scanner (RTVScan) component in Symantec AntiVirus Corporate Edition 9.0 through 10.1 and Client Security 2.0 through 3.1, when the Notification Message window is enabled, allows local users to gain privileges via crafted code."}, {"lang": "es", "value": "Vulnerabilidad no especificada en el componente Real-time scanner (RTVScan) en Symantec AntiVirus Corporate Edition 9.0 hasta la 10.1 y Client Security 2.0 hasta la 3.1, cuando la ventana Notification Message est\u00e1 activada, permite a usuarios locales ganar privilegios a trav\u00e9s de c\u00f3digo manipulado."}], "id": "CVE-2007-3800", "lastModified": "2017-07-29T01:32:32.753", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "HIGH", "accessVector": "LOCAL", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 6.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:H/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 1.5, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-07-16T23:30:00.000", "references": [{"source": "cve@mitre.org", "url": "http://osvdb.org/36116"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/26054"}, {"source": "cve@mitre.org", "url": "http://securityresponse.symantec.com/avcenter/security/Content/2007.07.11c.html"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/24810"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/2506"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35352"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}