CVE-2007-1792

libdayzero.dll in the Filter Hub Service (filter-hub.exe) in Symantec Mail Security for SMTP before 5.0.1 Patch 181 and Mail Security Appliance before 5.0.0-36 allows remote attackers to cause a denial of service (crash) via a crafted executable attachment in an e-mail, involving the detection of "PE-Shield v0.2" and "ASPack v1.00-1.08.02".

CVSS v2.0 7.8 HIGH

7.8^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:C

Exploitability : 10.0 / Impact : 6.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

References

Link	Resource
http://osvdb.org/36110
http://secunia.com/advisories/24632	Patch Vendor Advisory
http://secunia.com/secunia_research/2007-48/advisory/	Vendor Advisory
http://securityresponse.symantec.com/avcenter/security/Content/2007.06.26.html	Patch
http://www.securityfocus.com/archive/1/472440/100/0/threaded
http://www.securityfocus.com/bid/24625
http://www.securitytracker.com/id?1018301
http://www.vupen.com/english/advisories/2007/2335
https://exchange.xforce.ibmcloud.com/vulnerabilities/35105
http://osvdb.org/36110
http://secunia.com/advisories/24632	Patch Vendor Advisory
http://secunia.com/secunia_research/2007-48/advisory/	Vendor Advisory
http://securityresponse.symantec.com/avcenter/security/Content/2007.06.26.html	Patch
http://www.securityfocus.com/archive/1/472440/100/0/threaded
http://www.securityfocus.com/bid/24625
http://www.securitytracker.com/id?1018301
http://www.vupen.com/english/advisories/2007/2335
https://exchange.xforce.ibmcloud.com/vulnerabilities/35105

Configurations

Configuration 1 (hide)

AND

cpe:2.3:h:symantec:mail_security_8820_appliance:*:*:*:*:*:*:*:*

OR	cpe:2.3:a:symantec:mail_security:5.0.0::smtp:::::
	cpe:2.3:a:symantec:mail_security:5.0.1::smtp:::::

History

21 Nov 2024, 00:29

Type	Values Removed	Values Added
References	~~() http://osvdb.org/36110 -~~	() http://osvdb.org/36110 -
References	~~() http://secunia.com/advisories/24632 - Patch, Vendor Advisory~~	() http://secunia.com/advisories/24632 - Patch, Vendor Advisory
References	~~() http://secunia.com/secunia_research/2007-48/advisory/ - Vendor Advisory~~	() http://secunia.com/secunia_research/2007-48/advisory/ - Vendor Advisory
References	~~() http://securityresponse.symantec.com/avcenter/security/Content/2007.06.26.html - Patch~~	() http://securityresponse.symantec.com/avcenter/security/Content/2007.06.26.html - Patch
References	~~() http://www.securityfocus.com/archive/1/472440/100/0/threaded -~~	() http://www.securityfocus.com/archive/1/472440/100/0/threaded -
References	~~() http://www.securityfocus.com/bid/24625 -~~	() http://www.securityfocus.com/bid/24625 -
References	~~() http://www.securitytracker.com/id?1018301 -~~	() http://www.securitytracker.com/id?1018301 -
References	~~() http://www.vupen.com/english/advisories/2007/2335 -~~	() http://www.vupen.com/english/advisories/2007/2335 -
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/35105 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/35105 -

Information

Published : 2007-06-27 17:30

Updated : 2025-04-09 00:30

NVD link : CVE-2007-1792

Mitre link : CVE-2007-1792

CVE.ORG link : CVE-2007-1792

JSON object : View

Products Affected

symantec

mail_security
mail_security_8820_appliance

CWE

NVD-CWE-Other

{"id": "CVE-2007-1792", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2007-06-27T17:30:00.000", "references": [{"url": "http://osvdb.org/36110", "source": "PSIRT-CNA@flexerasoftware.com"}, {"url": "http://secunia.com/advisories/24632", "tags": ["Patch", "Vendor Advisory"], "source": "PSIRT-CNA@flexerasoftware.com"}, {"url": "http://secunia.com/secunia_research/2007-48/advisory/", "tags": ["Vendor Advisory"], "source": "PSIRT-CNA@flexerasoftware.com"}, {"url": "http://securityresponse.symantec.com/avcenter/security/Content/2007.06.26.html", "tags": ["Patch"], "source": "PSIRT-CNA@flexerasoftware.com"}, {"url": "http://www.securityfocus.com/archive/1/472440/100/0/threaded", "source": "PSIRT-CNA@flexerasoftware.com"}, {"url": "http://www.securityfocus.com/bid/24625", "source": "PSIRT-CNA@flexerasoftware.com"}, {"url": "http://www.securitytracker.com/id?1018301", "source": "PSIRT-CNA@flexerasoftware.com"}, {"url": "http://www.vupen.com/english/advisories/2007/2335", "source": "PSIRT-CNA@flexerasoftware.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35105", "source": "PSIRT-CNA@flexerasoftware.com"}, {"url": "http://osvdb.org/36110", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/24632", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/secunia_research/2007-48/advisory/", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://securityresponse.symantec.com/avcenter/security/Content/2007.06.26.html", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/archive/1/472440/100/0/threaded", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/24625", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securitytracker.com/id?1018301", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2007/2335", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35105", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "libdayzero.dll in the Filter Hub Service (filter-hub.exe) in Symantec Mail Security for SMTP before 5.0.1 Patch 181 and Mail Security Appliance before 5.0.0-36 allows remote attackers to cause a denial of service (crash) via a crafted executable attachment in an e-mail, involving the detection of \"PE-Shield v0.2\" and \"ASPack v1.00-1.08.02\"."}, {"lang": "es", "value": "libdayzero.dll en el servicio Filter Hub (filter-hub.exe) en Symantec Mail Security para SMTP anterior a 5.0.1 Patch 181 y Mail Security Appliance anterior a 5.0.0-36 permite a atacantes remotos provocar denegaci\u00f3n de servicio (caida) a trav\u00e9s de adjuntos ejecutables manipulados en un e-mail, afectando a la detecci\u00f3n de \"PE-Shield v0.2\" y \"ASPack v1.00-1.08.02\"."}], "lastModified": "2025-04-09T00:30:58.490", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:symantec:mail_security_8820_appliance:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "685D4803-ADA2-4512-87B7-0BAF0D1899A2", "versionEndIncluding": "5.0.0-35"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:symantec:mail_security:5.0.0:*:smtp:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5E7788BD-652E-4306-AED0-6AE7F9A07836"}, {"criteria": "cpe:2.3:a:symantec:mail_security:5.0.1:*:smtp:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A8430D5E-A8A7-4724-8A6B-B5E2CA437729"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "PSIRT-CNA@flexerasoftware.com"}

7.8 /10