Description
Unknown versions of Symantec Norton AntiVirus and Microsoft Outlook allow attackers to cause a denial of service (crash) via malformed e-mail messages (1) without a body or (2) without a carriage return ("\n") separating the headers from the body.
Product(s):
- Symantec Norton Antivirus 2.1 for MS Exchange
- Symantec Norton Antivirus 2001
- Symantec Norton Antivirus 2002
- Symantec Norton Antivirus 2003
- Symantec Norton Antivirus Corporate 7.0
- Symantec Norton Antivirus Corporate 7.2
- Symantec Norton Antivirus Corporate 7.51
- Symantec Norton Antivirus Corporate 7.5
- Symantec Norton Antivirus Corporate 7.60 Build 926
- Symantec Norton Antivirus Corporate 7.61
- Symantec Norton Antivirus Corporate 7.6
- Symantec Norton Antivirus Corporate 8.0
- Symantec Norton Antivirus Professional 2001
- Symantec Norton Antivirus Professional 2002
- Symantec Norton Antivirus Professional 2003
- Symantec Norton Antivirus Professional 2004
Question to Ask Vendors:
- Can you confirm whether your systems are affected by CVE-2004-2147, and if so, what steps are you currently taking to mitigate this vulnerability?
- What is your estimated timeline for fully resolving CVE-2004-2147 in your products or services, and how will you communicate updates on this issue to us as your customer?
Recommended Actions:
- Check out the advisory links provided below.