search menu icon-carat-right cmu-wordmark

CERT Coordination Center

Symantec Norton AntiVirus vulnerable to DoS via the Auto-Protect "SmartScan" feature

Vulnerability Note VU#713620

Original Release Date: 2005-03-30 | Last Revised: 2005-03-30


Symantec Norton AntiVirus may hang or crash when the Auto-Protect module SmartScan feature scans a renamed file on a network share.


Symantec Norton AntiVirus is an anti-virus product for desktop and enterprise use. The Norton AntiVirus "Auto-Protect" module provides automatic file scanning and detection of viruses, Trojans, and worms. The Auto-Protect module includes a feature called "SmartScan" which, as an alternative to scanning all file types, only scans specifically targeted file types and extensions. A flaw in the SmartScan feature is triggered when a file residing on a network share is renamed that may cause excessive CPU consumption and an eventual system hang or crash as a result.


A local authenticated user may be able to cause the system to crash or hang by renaming a file residing on a network share.


Apply an update

Symantec has released fixes for this problem that are available through the LiveUpdate functionality of the products. Symantec advisory SYM05-006 provides details on obtaining updates through LiveUpdate or other channels.

Vendor Information


Symantec Corporation Affected

Updated:  March 30, 2005



Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.


Symantec advisory SYM05-006 provides details on the vulnerability and available updates to correct the flaw.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

CVSS Metrics

Group Score Vector



Thanks to Isamu Noguchi, JPCERT, and IPA for reporting this vulnerability.

This document was written by Ken MacInnis.

Other Information

CVE IDs: CVE-2005-0923
Severity Metric: 4.05
Date Public: 2005-03-28
Date First Published: 2005-03-30
Date Last Updated: 2005-03-30 20:18 UTC
Document Revision: 5

Sponsored by CISA.