Vigil@nce: Symantec Log Viewer, JavaScript injection
May 2009 by Vigil@nce
SYNTHESIS OF THE VULNERABILITY
An attacker can execute JavaScript code in the context of the web
server of Symantec Log Viewer.
Severity: 2/4
Consequences: client access/rights
Provenance: document
Means of attack: no proof of concept, no attack
Ability of attacker: expert (4/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: high (3/3)
Creation date: 29/04/2009
IMPACTED PRODUCTS
– Symantec Antivirus
– Symantec Norton AntiVirus
– Symantec Norton Internet Security
DESCRIPTION OF THE VULNERABILITY
The Symantec Log Viewer (ccLgView.exe) feature is used in several
Symantec products.
The "View Logs - Email Filtering" page of the "Statistics" option
displays information coming from the filtered emails. However, the
JavaScript code contained in these emails is not filtered before
being inserted into the HTML page.
An attacker can therefore execute JavaScript code in the context
of the web server of Symantec Log Viewer, when the administrator
views the logs.
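The flaw described above comes down to missing output encoding. The following is an added example, not Symantec's code: a hypothetical log-page renderer showing the unfiltered pattern beside an encoded one. The field names (sender, subject, verdict) and the sample entries are constructed for illustration.

```javascript
// Added example: hypothetical renderer for an email-filtering log page.
// Field names (sender, subject, verdict) are assumptions, not Symantec's schema.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode every character that can change the HTML parsing context.
// A single pass avoids re-encoding the '&' of entities just produced.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Pattern described in the advisory: email-controlled text is concatenated
// into the page as-is, so any markup it contains becomes live HTML.
function renderRowUnfiltered(entry) {
  return `<tr><td>${entry.sender}</td><td>${entry.subject}</td><td>${entry.verdict}</td></tr>`;
}

// Hardened pattern: every field is treated as untrusted text and encoded
// at the point of output, in both element and quoted-attribute context.
function renderRowEscaped(entry) {
  const cells = [entry.sender, entry.subject, entry.verdict]
    .map((field) => `<td title="${escapeHtml(field)}">${escapeHtml(field)}</td>`);
  return `<tr>${cells.join('')}</tr>`;
}

// Constructed sample log entries; the second carries markup in its subject.
const SAMPLE_LOG = [
  { sender: 'alice@example.com', subject: 'Quarterly report', verdict: 'clean' },
  { sender: 'mallory@example.net', subject: '<script>alert(1)</script>', verdict: 'spam' },
  { sender: '"Bob" <bob@example.org>', subject: 'R&D notes', verdict: 'clean' },
];

function renderLogPage(entries, renderRow) {
  return `<table>${entries.map(renderRow).join('')}</table>`;
}

// True if the rendered page contains a live <script> element.
function hasLiveScript(html) {
  return /<script\b/i.test(html);
}

console.log('unfiltered has live script:', hasLiveScript(renderLogPage(SAMPLE_LOG, renderRowUnfiltered)));
console.log('escaped has live script:', hasLiveScript(renderLogPage(SAMPLE_LOG, renderRowEscaped)));
```

Encoding at output time keeps legitimate characters such as the angle brackets in a display-name address or the ampersand in "R&D" visible to the administrator while preventing them from being parsed as markup.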
CHARACTERISTICS
Identifiers: BID 34669, CVE-2009-1428, SYM09-006,
VIGILANCE-VUL-8679
http://vigilance.fr/vulnerability/Symantec-Log-Viewer-JavaScript-injection-8679