– Severity: 1/4
– Consequences: data creation/edition
– Provenance: document
– Means of attack: no proof of concept, no attack
– Ability of attacker: expert (4/4)
– Confidence: confirmed by the editor (5/5)
– Diffusion of the vulnerable configuration: high (3/3)
– Creation date: 29/04/2009

IMPACTED PRODUCTS

– Symantec Antivirus

DESCRIPTION OF THE VULNERABILITY

The Symantec Reporting Server component is used by several
Symantec products to generate reports.

The authentication page of Symantec Reporting Server displays a
message for the user. However, this message directly originates
from the url.

An attacker can therefore indicate his own message in the url.
When the victim clicks on this url, the message of the attacker is
then displayed on the Symantec Reporting Server site, which can
deceive the victim. This vulnerability can for example be used for
a phishing attack.

CHARACTERISTICS

– Identifiers: BID-34668, CVE-2009-1432, SYM09-008,
VIGILANCE-VUL-8681
– Url: http://vigilance.fr/vulnerability/Symantec-Reporting-Server-message-injection-8681

To change your email preferences (frequency, severity threshold, format):
https://vigilance.fr/?action=2041549901&langue=2