Symantec on Wednesday patched a vulnerability in Norton Personal Firewall 2004 and Norton Internet Security 2004 that can be exploited for remote code execution.
CERT had notified Symantec of the vulnerability [WHEN], which occurs in the Get() and Set() functions used by ISAlertDataCOM, a function of ISALERT.DLL.
Symantec and US-CERT warned today that for successful exploitation, an attacker must dupe the victim into visiting a malicious website and clicking on a malicious document.
Symantec, in an advisory released on Wednesday, ranked the flaw’s risk impact as "medium." A Symantec spokesman today referred questions to the advisory.
Secunia ranked the flaw as "highly critical," meaning it can be exploited from a remote location.
Get more IT security news. Click here for SC Magazine Blogs.