Symantec Data Loss Prevention up to 11.0 File Viewer memory corruption
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 10.0 | $5k-$25k | 0.00 |
Summary
A vulnerability classified as critical was found in Symantec Data Loss Prevention up to 11.0. Affected by this issue is some unknown functionality of the component File Viewer. The manipulation results in memory corruption. This vulnerability is known as CVE-2011-0548. No exploit is available.
Details
A vulnerability classified as very critical has been found in Symantec Data Loss Prevention up to 11.0 (Data Loss Prevention Software). Affected is an unknown function of the component File Viewer. The manipulation with an unknown input leads to a memory corruption vulnerability. CWE is classifying the issue as CWE-119. The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer. This is going to have an impact on confidentiality, integrity, and availability. CVE summarizes:
Buffer overflow in the Lotus Freelance Graphics PRZ file viewer in Autonomy KeyView, as used in Symantec Mail Security (SMS) 6.x through 8.x, Symantec Brightmail and Messaging Gateway before 9.5.1, and Symantec Data Loss Prevention (DLP) before 10.5.3 and 11.x before 11.1, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted .prz file. NOTE: this may overlap CVE-2011-1217.
The weakness was published 07/18/2011 by Core Security (iDefense) with CORE Security Technologies (Website). The advisory is shared for download at symantec.com. This vulnerability is traded as CVE-2011-0548 since 01/20/2011. It is possible to launch the attack remotely. The exploitation doesn't require any form of authentication. There are neither technical details nor an exploit publicly available. The current price for an exploit might be approx. USD $5k-$25k (estimation calculated on 01/18/2025).
The vulnerability scanner Nessus provides a plugin with the ID 55047 (Symantec Mail Security KeyView PRZ Processing Buffer Overflow), which helps to determine the existence of the flaw in a target environment. It is assigned to the family Windows. The commercial vulnerability scanner Qualys is able to test this issue with plugin 119306 (Symantec Products KeyView PRZ Processing Buffer Overflow Vulnerability (SYM11-007)).
There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.
The vulnerability is also documented in the databases at X-Force (67781), Tenable (55047), SecurityFocus (BID 47962†), Secunia (SA44779†) and SecurityTracker (ID 1025594†). Similar entries are available at VDB-57549, VDB-57545, VDB-57544 and VDB-57543. VulDB is the best source for vulnerability data and more expert information about this specific topic.
Product
Type
Vendor
Name
Version
License
Website
- Vendor: https://www.symantec.com/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 10.0VulDB Meta Temp Score: 10.0
VulDB Base Score: 10.0
VulDB Temp Score: 10.0
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Memory corruptionCWE: CWE-119
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Yes
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 55047
Nessus Name: Symantec Mail Security KeyView PRZ Processing Buffer Overflow
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
Qualys ID: 🔍
Qualys Name: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: no mitigation knownStatus: 🔍
0-Day Time: 🔍
Timeline
01/20/2011 🔍05/24/2011 🔍
06/01/2011 🔍
06/02/2011 🔍
06/07/2011 🔍
06/10/2011 🔍
06/14/2011 🔍
07/18/2011 🔍
07/18/2011 🔍
03/23/2015 🔍
01/18/2025 🔍
Sources
Vendor: symantec.comAdvisory: symantec.com
Researcher: Core Security (iDefense)
Organization: CORE Security Technologies
Status: Confirmed
Confirmation: 🔍
CVE: CVE-2011-0548 (🔍)
GCVE (CVE): GCVE-0-2011-0548
GCVE (VulDB): GCVE-100-57960
X-Force: 67781
SecurityFocus: 47962 - RETIRED: IBM Lotus Notes Attachment Handling Multiple Buffer Overflow Vulnerabilities
Secunia: 44779 - Symantec Products KeyView PRZ Processing Buffer Overflow Vulnerability, Highly Critical
SecurityTracker: 1025594 - Symantec Mail Security Buffer Overflow in KeyView Filter Lets Remote Users Execute Arbitrary Code
Vulnerability Center: 31761 - Multiple Symantec Products KeyView PRZ File Viewer Buffer Overflow Vulnerability, Critical
See also: 🔍
Entry
Created: 03/23/2015 16:50Updated: 01/18/2025 23:15
Changes: 03/23/2015 16:50 (58), 03/24/2017 07:52 (19), 11/14/2021 16:36 (2), 01/18/2025 23:15 (16)
Complete: 🔍
Cache ID: 216::103
VulDB is the best source for vulnerability data and more expert information about this specific topic.
No comments yet. Languages: en.
Please log in to comment.