CVE-2009-1432 Information
Description
Symantec Reporting Server as used in Symantec AntiVirus (SAV) Corporate Edition 10.1 before 10.1 MR8 and 10.2 before 10.2 MR2 Symantec Client Security (SCS) before 3.1 MR8 and the Symantec Endpoint Protection Manager (SEPM) component in Symantec Endpoint Protection (SEP) before 11.0 MR2 allows remote attackers to inject arbitrary text into the login screen and possibly conduct phishing attacks via vectors involving a URL that is not properly handled.
Reference
http://secunia.com/advisories/34856 http://secunia.com/advisories/34935 http://securitytracker.com/id?1022136 http://securitytracker.com/id?1022137 http://securitytracker.com/id?1022138 http://www.securityfocus.com/bid/34668 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090428_00 http://www.vupen.com/english/advisories/2009/1202 http://www.vupen.com/english/advisories/2009/1204 https://exchange.xforce.ibmcloud.com/vulnerabilities/50172
Share on: