CVE-2007-3021

Symantec Reporting Server 1.0.197.0, and other versions before 1.0.224.0, as used in Symantec Client Security 3.1 and later, and Symantec AntiVirus Corporate Edition (SAV CE) 10.1 and later, does not initialize a critical variable, which allows attackers to create arbitrary executable files via unknown manipulations of a file that is created during data export.

Published: Jun 5, 2007
Updated: Apr 13, 2023
CVE: CVE-2007-3021
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
symantec / norton_antivirus	10.1	10.1.x
symantec / norton_antivirus	10.1.400	10.1.400.x
symantec / norton_antivirus	10.1.401	10.1.401.x
symantec / client_security	3.1.396	3.1.396.x
symantec / norton_antivirus	10.1.396	10.1.396.x
symantec / client_security	3.1.401	3.1.401.x
symantec / client_security	3.1.400	3.1.400.x
symantec / reporting_server	-	1.0.197.0.x
symantec / client_security	3.1	3.1.x
symantec / client_security	3.1.394	3.1.394.x
symantec / norton_antivirus	10.0.2.2021	10.0.2.2021.x

Vulnerability Database

289,697

CVE-2007-3021