Naughty Norton: Symantec Fixes Flaw in Security Software

May 18, 2007

The security vendor has patched a buffer overflow vulnerability that could allow an attacker to remotely execute malicious code.

Symantec has fixed a serious vulnerability with an ActiveX control used by Norton Personal Firewall 2004 and Norton Internet Security 2004 that could allow a hacker to execute code remotely on a vulnerable system.

According to Symantec officials, the company was notified of the problem by US-CERT. A buffer overflow can be triggered by an error that occurs in the Get () and Set () functions used by ISAlertDataCOM, part of ISLALERT.DLL. Successfully exploiting this vulnerability would allow an attacker to remotely execute malicious code on an unpatched system and give them the rights of the logged-in user, Symantec officials said.

In order for an exploit to work, however, the hacker must first trick the user into viewing a specially crafted HTML document. As noted in the advisory, such attacks frequently begin with an e-mail containing a link to the malicious site that is meant to entice the user.

"Symantec product engineers have determined that the issue affects Norton Personal Firewall and Norton Internet Security 2004 only," the advisory states. "Product updates to correct the problem are available through LiveUpdate."

Though the company lists the threat as medium, it is rated highly critical by Secunia. Symantec officials said they are not aware of any customers impacted by the flaw, or any attempts to exploit it, and recommend users keep their patches up to date. A plug for the security hole can be obtained through Symantec's LiveUpdate feature.

Copyright 2007 by Ziff Davis Media, Distributed by United Press International

Explore further: Apple gives beta users a peek at OS X Yosemite

add to favorites email to friend print save as pdf

Related Stories

Dolphins and whales experience pleasure

10 minutes ago

Sam Ridgway has spent most of his life learning about dolphins and whales. Over his five-decade career he has asked these cetaceans various questions, including how deep they can dive and how depth affects ...

Minke whales lunge 100 times per hour to feed under sea ice

10 minutes ago

Highly manoeuvrable and built like torpedoes, minke whales are the most common whales in Antarctic waters, yet the animals could be living on a knife edge as their sea-ice homes dwindle rapidly. 'Sea ice in the area around ...

Cisco to cut 6,000 jobs in streamlining

23 minutes ago

US computer networking giant Cisco Systems said Wednesday it plans to slash some 6,000 jobs, or eight percent of its global workforce in the coming year.

Report: NSA eyed preset strikes in cyberattacks

1 hour ago

The National Security Agency secretly planned a cyberwarfare program that could automatically fire back at cyberattacks from foreign countries without any human involvement, creating the risk of accidentally ...

Recommended for you

Developers explore game experience for the blind

2 hours ago

Wait, researchers are talking about a video game for the blind? Come again? Not impossible. Game designers, reports the BBC, have been working on bringing the game experience to the blind and those with vision ...

User comments : 0