Naughty Norton: Symantec Fixes Flaw in Security Software

May 18, 2007

The security vendor has patched a buffer overflow vulnerability that could allow an attacker to remotely execute malicious code.

Symantec has fixed a serious vulnerability with an ActiveX control used by Norton Personal Firewall 2004 and Norton Internet Security 2004 that could allow a hacker to execute code remotely on a vulnerable system.

According to Symantec officials, the company was notified of the problem by US-CERT. A buffer overflow can be triggered by an error that occurs in the Get () and Set () functions used by ISAlertDataCOM, part of ISLALERT.DLL. Successfully exploiting this vulnerability would allow an attacker to remotely execute malicious code on an unpatched system and give them the rights of the logged-in user, Symantec officials said.

In order for an exploit to work, however, the hacker must first trick the user into viewing a specially crafted HTML document. As noted in the advisory, such attacks frequently begin with an e-mail containing a link to the malicious site that is meant to entice the user.

"Symantec product engineers have determined that the issue affects Norton Personal Firewall and Norton Internet Security 2004 only," the advisory states. "Product updates to correct the problem are available through LiveUpdate."

Though the company lists the threat as medium, it is rated highly critical by Secunia. Symantec officials said they are not aware of any customers impacted by the flaw, or any attempts to exploit it, and recommend users keep their patches up to date. A plug for the security hole can be obtained through Symantec's LiveUpdate feature.

Copyright 2007 by Ziff Davis Media, Distributed by United Press International

Explore further: Google releases work tools designed for Android phones

add to favorites email to friend print save as pdf

Related Stories

Motor proteins prefer slow, steady movement

20 minutes ago

takes at least two motor proteins to tango, according to Rice University scientists who discovered the workhorses that move cargo in cells are highly sensitive to the proximity of their peers.

Retracing the roots of fungal symbioses

27 minutes ago

With apologies to the poet John Donne, and based on recent work from the U.S. Department of Energy Joint Genome Institute (DOE JGI), a DOE Office of Science user facility, it can be said that no plant is ...

Recommended for you

Google hits back at rivals with futuristic HQ plan

8 hours ago

Google unveiled plans Friday for a new campus headquarters integrating wildlife and sweeping waterways, aiming to make a big statement in Silicon Valley—which is already seeing ambitious projects from Apple ...

Barclays to allow payments by using Twitter handles

12 hours ago

The next chapter in banks moving into the digital age is a stretch beyond reminding customers over phone lines that they can also bank online. Barclays has launched Twitter payments through Pingit.

Pebble smartwatch nears Kickstarter record

13 hours ago

The latest version of the Pebble smartwatch neared a record funding amount on Kickstarter on Friday amid growing interest in wearable tech and ahead of the highly anticipated Apple Watch launch.

User comments : 0

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.