漏洞标题
N/A
漏洞描述信息
**争议** 说明:这个问题由供应商提出争议。Symptoms Antivirus 2002允许远程攻击者通过在“Content-Type”字段中的文件名带有排除扩展名(如.nch或.dbx),绕过电子邮件扫描,但是使用Windows Outlook获取文件名的恶意扩展名。说明:供应商对这个问题提出了争议,承认绕过了最初的扫描,但Symptoms Antivirus或Office插件将在执行病毒之前检测它。
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
漏洞类别
N/A
漏洞标题
N/A
漏洞描述信息
NOTE: this issue has been disputed by the vendor. Symantec Norton AntiVirus (NAV) 2002 allows remote attackers to bypass e-mail scanning via a filename in the Content-Type field with an excluded extension such as .nch or .dbx, but a malicious extension in the Content-Disposition field, which is used by Outlook to obtain the file name. NOTE: the vendor has disputed this issue, acknowledging that the initial scan is bypassed, but Norton AntiVirus or the Office plug-in would detect the virus before it is executed
CVSS信息
N/A
漏洞类别
N/A
漏洞标题
Symantec Norton AntiVirus异常处理不一致MIME头漏洞
漏洞描述信息
Symantec Norton AntiVirus 2002是一款流行的反病毒程序,支持对邮件系统进行扫描保护。 Symantec Norton AntiVirus 2002在处理不一致的MIME头中存在漏洞,可以导致此类邮件绕过Symantec Norton AntiVirus的扫描探测。 如果Content-Type域中提供Symantec Norton AntiVirus应用程序不包含的文件类型,而在Content-Disposition域中又使用原始文件的类型,可以导致Norton Anti-Vi
CVSS信息
N/A
漏洞类别
授权问题