CVE-2007-3021

Symantec Reporting Server 1.0.197.0, and other versions before 1.0.224.0, as used in Symantec Client Security 3.1 and later, and Symantec AntiVirus Corporate Edition (SAV CE) 10.1 and later, does not initialize a critical variable, which allows attackers to create arbitrary executable files via unknown manipulations of a file that is created during data export.

Affected Software

Name	Vendor	Start Version	End Version
Client_security	Symantec	3.1 (including)	3.1 (including)
Client_security	Symantec	3.1.394 (including)	3.1.394 (including)
Client_security	Symantec	3.1.396 (including)	3.1.396 (including)
Client_security	Symantec	3.1.400 (including)	3.1.400 (including)
Client_security	Symantec	3.1.401 (including)	3.1.401 (including)
Norton_antivirus	Symantec	10.0.2.2021 (including)	10.0.2.2021 (including)
Norton_antivirus	Symantec	10.1 (including)	10.1 (including)
Norton_antivirus	Symantec	10.1.396 (including)	10.1.396 (including)
Norton_antivirus	Symantec	10.1.400 (including)	10.1.400 (including)
Norton_antivirus	Symantec	10.1.401 (including)	10.1.401 (including)
Reporting_server	Symantec	*	1.0.197.0 (including)

NVD	https://nvd.nist.gov/vuln/detail/CVE-2007-3021
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html

Affected Software

References