CVE-2010-3497

Symantec Norton AntiVirus 2011 does not properly interact with the processing of hcp:// URLs by the Microsoft Help and Support Center, which makes it easier for remote attackers to execute arbitrary code via malware that is correctly detected by this product, but with a detection approach that occurs too late to stop the code execution. NOTE: the researcher indicates that a vendor response was received, stating that this issue "falls into the work of our Firewall and not our AV (per our methodology of layers of defense)."

Published: Aug 22, 2012
Updated: Apr 13, 2023
CVE: CVE-2010-3497
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6.4
AV:N/AC:L/Au:N/C:N/I:P/A:P

CWEs:

CWE-264

Affected Software
References

Software	From	Fixed in
symantec / norton_antivirus	2011	2011.x

http://www.n00bz.net/antivirus-cve
http://www.securityfocus.com/archive/1/514356

Vulnerability Database

CVE-2010-3497