Patch/Configuration Management, Vulnerability Management

Symantec patches remotely exploitable flaw in Norton products

Symantec on Wednesday patched a vulnerability in Norton Personal Firewall 2004 and Norton Internet Security 2004 that can be exploited for remote code execution.

The Cupertino, Calif.-based anti-virus giant advised users to employ LiveUpdate to patch the buffer overflow vulnerability in an ActiveX control used by the two programs.

CERT had notified Symantec of the vulnerability [WHEN], which occurs in the Get() and Set() functions used by ISAlertDataCOM, a function of ISALERT.DLL.

Symantec and US-CERT warned today that for successful exploitation, an attacker must dupe the victim into visiting a malicious website and clicking on a malicious document.

Symantec, in an advisory released on Wednesday, ranked the flaw’s risk impact as "medium." A Symantec spokesman today referred questions to the advisory.

Secunia reported in an advisory released today that researcher Will Dorman of CERT/CC discovered the flaw, which can be exploited to cause a stack-based buffer overflow via an overly long argument.

Secunia ranked the flaw as "highly critical," meaning it can be exploited from a remote location.

FrSIRT yesterday rated the vulnerability as "critical."


Get more IT security news. Click here for SC Magazine Blogs.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.