Symantec Norton AntiVirus 2004/2005 Auto-Protect Module denial of service
CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
---|---|---|
7.2 | $0-$5k | 0.00 |
A vulnerability classified as critical was found in Symantec Norton AntiVirus 2004/2005 (Anti-Malware Software). This vulnerability affects an unknown code of the component Auto-Protect Module. The manipulation with an unknown input leads to a denial of service vulnerability. The CWE definition for the vulnerability is CWE-404. The product does not release or incorrectly releases a resource before it is made available for re-use. As an impact it is known to affect availability. CVE summarizes:
Unknown vulnerability in the Auto-Protect module in Symantec Norton AntiVirus 2004 and 2005, as also used in Internet Security 2004/2005 and System Works 2004/2005, allows attackers to cause a denial of service (system hang or crash) by triggering a scan of a certain file type.
The bug was discovered 03/28/2005. The weakness was released 03/28/2005 by Isamu Noguchi with JPCERT (Website). The advisory is available at securityresponse.symantec.com. This vulnerability was named CVE-2005-0922 since 03/29/2005. The attack can be initiated remotely. No form of authentication is required for a successful exploitation. The technical details are unknown and an exploit is not available. This vulnerability is assigned to T1499 by the MITRE ATT&CK project.
Applying a patch is able to eliminate this problem. The bugfix is ready for download at symantec.com.
Entries connected to this vulnerability are available at 1305 and 24725.
Product
Type
Vendor
Name
Version
License
CPE 2.3
CPE 2.2
CVSSv4
VulDB CVSS-B Score: 🔍VulDB CVSS-BT Score: 🔍
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 7.5VulDB Meta Temp Score: 7.2
VulDB Base Score: 7.5
VulDB Temp Score: 7.2
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
AV | AC | Au | C | I | A |
---|---|---|---|---|---|
💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
---|---|---|---|---|---|
unlock | unlock | unlock | unlock | unlock | unlock |
unlock | unlock | unlock | unlock | unlock | unlock |
unlock | unlock | unlock | unlock | unlock | unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Denial of serviceCWE: CWE-404
ATT&CK: T1499
Local: No
Remote: Yes
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
0-Day | unlock | unlock | unlock | unlock |
---|---|---|---|---|
Today | unlock | unlock | unlock | unlock |
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: PatchStatus: 🔍
0-Day Time: 🔍
Patch: symantec.com
Timeline
03/28/2005 🔍03/28/2005 🔍
03/28/2005 🔍
03/29/2005 🔍
03/29/2005 🔍
03/29/2005 🔍
05/02/2005 🔍
07/02/2019 🔍
Sources
Vendor: symantec.comAdvisory: securityresponse.symantec.com
Researcher: Isamu Noguchi
Organization: JPCERT
Status: Confirmed
Confirmation: 🔍
CVE: CVE-2005-0922 (🔍)
SecurityTracker: 1013585
SecurityFocus: 12923 - Symantec Norton AntiVirus AutoProtect Module Remote Denial Of Service Vulnerability
Secunia: 14741 - Symantec Norton AntiVirus Denial of Service Vulnerabilities, Less Critical
OSVDB: 15101 - Symantec - Norton AntiVirus - AutoProtect Module Remote Denial Of Service Issue
See also: 🔍
Entry
Created: 03/29/2005 16:11Updated: 07/02/2019 06:14
Changes: 03/29/2005 16:11 (72), 07/02/2019 06:14 (3)
Complete: 🔍
No comments yet. Languages: en.
Please log in to comment.