Overview
Symantec Norton AntiVirus may hang or crash when the Auto-Protect module scans certain files.
Description
Symantec Norton AntiVirus is an anti-virus product for desktop and enterprise use. The Norton AntiVirus "Auto-Protect" module provides automatic file scanning and detection of viruses, Trojans, and worms. However, the Auto-Protect module may hang when scanning certain file types. |
Impact
A user may be able to cause the system to crash or hang by introducing a certain file type to the system. The user may introduce the file by downloading it, copying it, or receiving it in electronic mail, for example. Electronic mail and similar file introduction vectors may allow a remote attacker to exploit this flaw with a minimum of local user interaction. |
Solution
Apply an update Symantec has released fixes for this problem that are available through the LiveUpdate functionality of the products. Symantec advisory SYM05-006 provides details on obtaining updates through LiveUpdate or other channels. |
Vendor Information
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | ||
| Temporal | ||
| Environmental |
References
Acknowledgements
Thanks to Isamu Noguchi, JPCERT, and IPA for reporting this vulnerability.
This document was written by Ken MacInnis.
Other Information
| CVE IDs: | CVE-2005-0922 |
| Severity Metric: | 4.50 |
| Date Public: | 2005-03-28 |
| Date First Published: | 2005-03-30 |
| Date Last Updated: | 2005-03-30 20:21 UTC |
| Document Revision: | 8 |