Symantec Norton Internet Security — known CVE vulnerabilities
Every CVE whose affected-product data names Symantec Norton Internet Security, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (40)
CVE-2006-6490 — CVSS 10.0 (critical): Multiple buffer overflows in the SupportSoft (1) SmartIssue (tgctlsi.dll) and (2) ScriptRunner (tgctlsr.dll) ActiveX controls, as used by…
CVE-2004-0444 — CVSS 10.0 (critical): Multiple vulnerabilities in SYMDNS.SYS for Symantec Norton Internet Security and Professional 2002 through 2004, Norton Personal Firewall…
CVE-2007-1689 — CVSS 10.0 (critical): Buffer overflow in the ISAlertDataCOM ActiveX control in ISLALERT.DLL for Norton Personal Firewall 2004 and Internet Security 2004 allows…
CVE-2016-3645 — CVSS 9.8 (critical): Integer overflow in the TNEF unpacker in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center…
CVE-2010-0107 — CVSS 9.3 (critical): Buffer overflow in an ActiveX control (SYMLTCOM.dll) in Symantec N360 1.0 and 2.0; Norton Internet Security, AntiVirus, SystemWorks, and…
CVE-2007-0447 — CVSS 9.3 (critical): Heap-based buffer overflow in the Decomposer component in multiple Symantec products allows remote attackers to execute arbitrary code via…
CVE-2008-0312 — CVSS 9.3 (critical): Stack-based buffer overflow in the AutoFix Support Tool ActiveX control 2.7.0.1 in SYMADATA.DLL in multiple Symantec Norton products…
CVE-2007-3699 — CVSS 9.3 (critical): The Decomposer component in multiple Symantec products allows remote attackers to cause a denial of service (infinite loop) via a certain…
CVE-2006-3456 — CVSS 8.5 (high): The Symantec NAVOPTS.DLL ActiveX control (aka Symantec.Norton.AntiVirus.NAVOptions) 12.2.0.13, as used in Norton AntiVirus, Internet…
CVE-2016-2207 — CVSS 8.4 (high): The AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6…
CVE-2016-3646 — CVSS 8.4 (high): The AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6…
CVE-2016-3644 — CVSS 8.4 (high): The AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6…
CVE-2016-5311 — CVSS 7.8 (high): A Privilege Escalation vulnerability exists in Symantec Norton Antivirus, Norton AntiVirus with Backup, Norton Security, Norton Security…
CVE-2016-2211 — CVSS 7.8 (high): The AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6…
CVE-2002-0663 — CVSS 7.5 (high): Buffer overflow in HTTP Proxy for Symantec Norton Personal Internet Firewall 3.0.4.91 and Norton Internet Security 2001 allows remote…
CVE-2004-0364 — CVSS 7.5 (high): The WrapNISUM ActiveX component (WrapUM.dll) in Norton Internet Security 2004 is marked safe for scripting, which allows remote attackers…
CVE-2005-0249 — CVSS 7.5 (high): Heap-based buffer overflow in the DEC2EXE module for Symantec AntiVirus Library allows remote attackers to execute arbitrary code via a UPX…
CVE-2016-2209 — CVSS 7.3 (high): Buffer overflow in Dec2SS.dll in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center…
CVE-2016-2210 — CVSS 7.3 (high): Buffer overflow in Dec2LHA.dll in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center…
CVE-2003-0994 — CVSS 7.2 (high): The GUI functionality for an interactive session in Symantec LiveUpdate 1.70.x through 1.90.x, as used in Norton Internet Security 2001…
CVE-2007-5047 — CVSS 7.2 (high): Norton Internet Security 2008 15.0.0.60 does not properly validate certain parameters to System Service Descriptor Table (SSDT) function…
CVE-2007-3673 — CVSS 6.9 (medium): Symantec symtdi.sys before 7.0.0, as distributed in Symantec AntiVirus Corporate Edition 9 through 10.1 and Client Security 2.0 through…
CVE-2006-1836 — CVSS 6.8 (medium): Untrusted search path vulnerability in unspecified components in Symantec LiveUpdate for Macintosh 3.0.0 through 3.5.0 do not set the…
CVE-2007-2955 — CVSS 6.8 (medium): Multiple unspecified "input validation error" vulnerabilities in multiple ActiveX controls in NavComUI.dll, as used in multiple Norton…
CVE-2008-0313 — CVSS 6.8 (medium): The ActiveDataInfo.LaunchProcess method in the SymAData.ActiveDataInfo.1 ActiveX control 2.7.0.1 in SYMADATA.DLL in multiple Symantec…
CVE-2007-5829 — CVSS 6.0 (medium): The Disk Mount scanner in Symantec AntiVirus for Macintosh 9.x and 10.x, Norton AntiVirus for Macintosh 10.0 and 10.1, and Norton Internet…
CVE-2006-5403 — CVSS 5.1 (medium): Stack-based buffer overflow in an ActiveX control used in Symantec Automated Support Assistant, as used in Norton AntiVirus, Internet…
CVE-2004-0375 — CVSS 5.0 (medium): SYMNDIS.SYS in Symantec Norton Internet Security 2003 and 2004, Norton Personal Firewall 2003 and 2004, Client Firewall 5.01 and 5.1.1, and…
CVE-2005-0922 — CVSS 5.0 (medium): Unknown vulnerability in the Auto-Protect module in Symantec Norton AntiVirus 2004 and 2005, as also used in Internet Security 2004/2005…
CVE-2002-1695 — CVSS 5.0 (medium): Norton Internet Security 2001 opens log files with FILE_SHARE_READ and FILE_SHARE_WRITE permissions, which could allow remote attackers to…
CVE-2006-4855 — CVSS 4.9 (medium): The \Device\SymEvent driver in Symantec Norton Personal Firewall 2006 9.1.0.33, and other versions of Norton Personal Firewall, Internet…
CVE-2007-1793 — CVSS 4.9 (medium): SPBBCDrv.sys in Symantec Norton Personal Firewall 2006 9.1.0.33 and 9.1.1.7 does not validate certain arguments before being passed to…
CVE-2009-3104 — CVSS 4.3 (medium): Unspecified vulnerability in Symantec Norton AntiVirus 2005 through 2008; Norton Internet Security 2005 through 2008; AntiVirus Corporate…
CVE-2009-1428 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in ccLgView.exe in the Symantec Log Viewer, as used in Symantec AntiVirus (SAV) before…
CVE-2003-1149 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in Symantec Norton Internet Security 2003 6.0.4.34 allows remote attackers to inject arbitrary web…
CVE-2006-5404 — CVSS 2.6 (low): Unspecified vulnerability in an ActiveX control used in Symantec Automated Support Assistant, as used in Norton AntiVirus, Internet…
CVE-2005-1346 — CVSS 2.6 (low): Multiple Symantec AntiVirus products, including Norton AntiVirus 2005 11.0.0, Web Security Web Security 3.0.1.72, Mail Security for SMTP…
CVE-2004-0445 — CVSS 2.6 (low): The SYMDNS.SYS driver in Symantec Norton Internet Security and Professional 2002 through 2004, Norton Personal Firewall 2002 through 2004…
CVE-2005-0923 — CVSS 2.1 (low): The SmartScan feature in the Auto-Protect module for Symantec Norton AntiVirus 2004 and 2005, as also used in Internet Security 2004/2005…
CVE-2007-1476 — CVSS 1.9 (low): The SymTDI device driver (SYMTDI.SYS) in Symantec Norton Personal Firewall 2006 9.1.1.7 and earlier, Internet Security 2005 and 2006…