exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

SYM07-007.txt

SYM07-007.txt
Posted May 17, 2007
Authored by Will Dormann | Site symantec.com

CERT notified Symantec that a buffer overflow exists in an ActiveX Control used by Norton Personal Firewall. The error occurs in the Get() and Set() functions used by ISAlertDataCOM, which is part of ISLALERT.DLL. A successful exploit of this vulnerability could potentially allow the remote execution of code on a vulnerable system, with the rights of the logged-in user.

tags | advisory, remote, overflow, activex
SHA-256 | d49a4538ed914205ac16fccdbfb47339d45d295f3853beba2e60cbf022694dfe

SYM07-007.txt

Change Mirror Download
SYM07-007
May 16, 2007

Symantec Norton Personal Firewall 2004 ActiveX Control Buffer Overflow

Risk Impact
Medium

Affected Products

Norton Internet Security 2004
Norton Personal Firewall 2004

Details

CERT notified Symantec that a buffer overflow exists in an ActiveX Control used by Norton Personal Firewall. The error occurs in the Get() and Set() functions used by ISAlertDataCOM, which is part of ISLALERT.DLL. A successful exploit of this vulnerability could potentially allow the remote execution of code on a vulnerable system, with the rights of the logged-in user.


Symantec Response

Symantec product engineers have determined that the issue affects Norton Personal Firewall and Norton Internet Security 2004 only. Product updates to correct the problem are available through LiveUpdate.

To successfully exploit this vulnerability, an attacker would need to entice the user to view a specially crafted HTML document. This type of attack is often achieved by sending email containing a link to the malicious site, and persuading the recipient to click on the link.

Symantec is not aware of any customers impacted by this issue, or of any attempts to exploit the issue.

As a part of normal best practices, users should keep vendor-supplied patches for all application software and operating systems up-to-date. Symantec recommends any affected customers update their product immediately to protect against potential attempts to exploit this vulnerability.

How to obtain the update

Norton Internet Security and Norton Personal firewall 2004 users who normally run manual LiveUpdate to obtain product updates can also obtain this update through the same process.
If you have not previously installed all available product updates, you will need to obtain those updates first. You will need to modify your LiveUpdate settings to connect to the archive LiveUpdate server to obtain the previous product updates.

Please see this Knowledgebase article for information:

How to obtain the programs updates that are archived on Symantec LiveUpdate server
http://service1.symantec.com/SUPPORT/sharedtech.nsf/docid/2007010219171513

After you have downloaded and installed all available updates from the archive server, you will be able to download the update for this vulnerability.

Mitigation

Symantec has released IPS signatures for the Symantec products listed below, to detect attempts to exploit this vulnerability:

Symantec Client Security SU# 62 and later
Norton Internet Security SU# 50 and later
Symantec Gateway Security SU# 46 and later
Symantec Network Security SU# 81 and later


Credit
Symantec would like to thank Will Dormann of the CERT Coordination Center (http://www.cert.org/certcc.html) for reporting this issue and coordinating with us on the response.

Future updates to this adivsory, if needed, will be available here:
http://www.symantec.com/avcenter/security/Content/2007.05.16.html


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Symantec Product Security Team

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.0.6 (Build 6060)

iQEVAwUBRktziP9Lqygkbb6BAQjETgf+KSkztR+vcdeBHw3ehiOTWtlCbgGZWhOK
sPlfIq5n/26xeIA+oCrnN3li28nYqpf/qpvlJXrz8TfbHHZ8CiE2lIGsKIPDwoqX
ihLgNE29FCNZy+148TqIjyDzDvF2Skt2OVNeCjvJf/uSN380cGS2s9uBOIm9L0Lc
CSIpX9OjTs+Gw/fMYNRz946TNYHbYyDMu80tk1jOSewGthEw+b9pCZcz0jX45w5T
usycg/JHWAwgtJdcgogINQxtm1iSHco74XBWJGWNmsz0aSINi7AQ2bTKYMP3GbHq
wWgdfkmSeyeidQ5ndOFz/qoAreO65tzRi7zqeEtD0yWaG5LwyYFhVw==
=uUcA
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close