Symantec decomposer engine malformed rar vulnerabilities - windows

A cross-site scripting vulnerability may be used by attackers to potentially bypass access controls such as the same-origin policy. Norton App Lock, prior to 1. In this type of circumstance, the exploit can allow the user to circumvent the app to prevent it from locking other apps on the device, thereby allowing the individual to gain access. Norton Password Manager, prior to 6. Symantec My VIP portal, previous version which has already been auto updated, was susceptible to a cross-site scripting XSS exploit, which is a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users or potentially bypass access controls such as the same-origin policy.

An information disclosure vulnerability in Symantec Reporter web UI The malicious administrator user can also obtain the passwords of other Reporter web UI users. DLP A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same-origin policy. Symantec Messaging Gateway prior to By manipulating variables, it may be possible to access arbitrary files and directories stored on the file system including application source code or configuration and critical system files.

The Symantec Messaging Gateway can encounter an issue of remote code execution, which describes a situation whereby an individual may obtain the ability to execute commands remotely on a target machine or in a target process. The Symantec Messaging Gateway can encounter a file inclusion vulnerability, which is a type of vulnerability that is most commonly found to affect web applications that rely on a scripting run time. This issue is caused when an application builds a path to executable code using an attacker-controlled variable in a way that allows the attacker to control which file is executed at run time.

This file inclusion vulnerability subverts how an application loads code for execution. Successful exploitation of a file inclusion vulnerability will result in remote code execution on the web server that runs the affected web application. The Symantec Messaging Gateway, when processing a specific email attachment, can allow a malformed or corrupted Word file with a potentially malicious macro through despite the administrator having the 'disarm' functionality enabled.

This constitutes a 'bypass' of the disarm functionality resident to the application. Directory traversal vulnerability in the charting component in Symantec Messaging Gateway before This vulnerability has been modified since it was last analyzed by the NVD. It is awaiting reanalysis which may result in further changes to the information provided. Symantec Decomposer, as used in certain Symantec antivirus products including Symantec Scan Engine 5. View Analysis Description. By selecting these links, you will be leaving NIST webspace.

We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose.