Naughty Norton: Symantec Fixes Flaw in Security Software

May 18, 2007

The security vendor has patched a buffer overflow vulnerability that could allow an attacker to remotely execute malicious code.

Symantec has fixed a serious vulnerability with an ActiveX control used by Norton Personal Firewall 2004 and Norton Internet Security 2004 that could allow a hacker to execute code remotely on a vulnerable system.

According to Symantec officials, the company was notified of the problem by US-CERT. A buffer overflow can be triggered by an error that occurs in the Get () and Set () functions used by ISAlertDataCOM, part of ISLALERT.DLL. Successfully exploiting this vulnerability would allow an attacker to remotely execute malicious code on an unpatched system and give them the rights of the logged-in user, Symantec officials said.

In order for an exploit to work, however, the hacker must first trick the user into viewing a specially crafted HTML document. As noted in the advisory, such attacks frequently begin with an e-mail containing a link to the malicious site that is meant to entice the user.

"Symantec product engineers have determined that the issue affects Norton Personal Firewall and Norton Internet Security 2004 only," the advisory states. "Product updates to correct the problem are available through LiveUpdate."

Though the company lists the threat as medium, it is rated highly critical by Secunia. Symantec officials said they are not aware of any customers impacted by the flaw, or any attempts to exploit it, and recommend users keep their patches up to date. A plug for the security hole can be obtained through Symantec's LiveUpdate feature.

Copyright 2007 by Ziff Davis Media, Distributed by United Press International

Explore further: Many docs believe mobile health apps can improve patient care

add to favorites email to friend print save as pdf

Related Stories

US company sells out of Ebola toys

5 hours ago

They might look tasteless, but satisfied customers dub them cute and adorable. Ebola-themed toys have proved such a hit that one US-based company has sold out.

UN biodiversity meet commits to double funding

5 hours ago

A UN conference on preserving the earth's dwindling resources wrapped up Friday with governments making a firm commitment to double biodiversity aid to developing countries by 2015.

Partial solar eclipse over the U.S. on Thursday, Oct. 23

6 hours ago

People in most of the continental United States will be in the shadow of the Moon on Thursday afternoon, Oct. 23, as a partial solar eclipse sweeps across the Earth. For people looking through sun-safe filters, from Los Angeles, ...

Recommended for you

Amazon, Simon & Schuster sign book retail deal

3 minutes ago

Amazon has reached a deal with American book publisher Simon & Schuster, the companies said, though the e-commerce giant remains at loggerheads with France's Hachette over e-book pricing.

Review: Apple Pay in action

25 minutes ago

If there ever comes a day I can ditch my wallet and use my phone to pay for everything, I'll look back to my first purchase through Apple Pay: a Big Mac and medium fries for $5.44. That wallet-free day won't ...

Samsung seeks boost from redesigned Note

32 minutes ago

The latest version of Samsung's popular big-screen Galaxy Note has gone on sale at a crucial time for the South Korean company as it suffers a rapid decline in profit from its global smartphone business.

User comments : 0