Vulnerability Note VU#760256

The ActiveX and HTML file browsers of the Symantec 4400 Series Clientless VPN Gateway contains various unspecified vulnerabilities

Original Release date: 20 Oct 2004 | Last revised: 20 Oct 2004

Overview

The ActiveX and HTML file browsers in the Symantec Clientless VPN Gateway 4400 Series contain various unspecified vulnerabilities.

Description

The Symantec Clientless VPN Gateway 4400 Series is a stand-alone security appliance for connecting remote users to a trusted network via a virtual private network. The ActiveX and HTML file browsers included with the 4400 Series VPN Gateway contain various vulnerabilities. The specifics of the vulnerabilities are not known.

Impact

These vulnerabilities may result in unauthorized access to the system or lead to unpredictable behavior.

Solution

Apply a Hotfix

Symantec has posted a hotfix to address this issue. The hotfix is labeled Hotfix: SCVG5-20040806-00 and can be located at:


The README file describing this hotfix is available here.

Systems Affected (Learn More)

VendorStatusDate NotifiedDate Updated
Symantec CorporationAffected-20 Oct 2004
If you are a vendor and your product is affected, let us know.

CVSS Metrics (Learn More)

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A N/A

References

Credit

This vulnerability was discovered by Symantec

This document was written by Jeff Gennari.

Other Information

  • CVE IDs: Unknown
  • Date Public: 10 Aug 2004
  • Date First Published: 20 Oct 2004
  • Date Last Updated: 20 Oct 2004
  • Severity Metric: 0.62
  • Document Revision: 75

Feedback

If you have feedback, comments, or additional information about this vulnerability, please send us email.