VUPEN Security Research - Symantec Products "SYMLTCOM.dll" Buffer Overflow 
Vulnerability

http://www.vupen.com/english/research.php


I. DESCRIPTION
--------------------- 

VUPEN Vulnerability Research Team discovered a vulnerability in various
Symantec security products.

The vulnerability is caused by a buffer overflow error in the SYMLTCOM.dll
module when processing user-supplied data, which could be exploited by
remote attackers to execute arbitrary code by tricking a user into visiting
a specially crafted web page on a domain masqueraded as an authorized site.


II. AFFECTED PRODUCTS
--------------------------------

Symantec N360 version 1.0
Symantec N360 version 2.0
Symantec Norton Internet Security 2006 through 2008
Symantec Norton AntiVirus 2006 through 2008
Symantec Norton SystemWorks 2006 through 2008
Symantec Norton Confidential 2006 through 2008
Symantec Client Security versions 3.0.x
Symantec Client Security versions 3.1.x


III. SOLUTION
---------------- 

Symantec Client Security - Upgrade to SCS 3.1 MR9

Norton Consumer products - Run LiveUpdate in interactive mode


IV. CREDIT
-------------- 

The vulnerabilities were discovered by VUPEN Security


V. ABOUT VUPEN Security
---------------------------------

VUPEN is a leading IT security research company providing vulnerability
management services to allow enterprises and organizations to eliminate
vulnerabilities before they can be exploited, ensure security policy
compliance and meaningfully measure and manage risks.

VUPEN also provides research services for security vendors (antivirus,
IDS, IPS,etc) to supplement their internal vulnerability research efforts
and quickly develop vulnerability-based and exploit-based signatures,
rules, and filters, and proactively protect their customers against
potential threats.

* VUPEN Vulnerability Notification Service:

http://www.vupen.com/english/services

* VUPEN Exploits and In-Depth Vulnerability Analysis:

http://www.vupen.com/exploits


VI. REFERENCES
----------------------

http://www.vupen.com/english/advisories/2010/0411
http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20100217_01
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0107


VII. DISCLOSURE TIMELINE
----------------------------------- 

2008-04-07 - Vendor notified
2008-04-08 - Vendor response
2008-05-09 - Status update received
2008-06-10 - Status update received
2008-12-05 - Status update received
2010-02-18 - Patches available, public disclosure