The security vendor has patched a buffer overflow vulnerability that could allow an attacker to remotely execute malicious code.
Symantec has fixed a serious vulnerability with an ActiveX control used by Norton Personal Firewall 2004 and Norton Internet Security 2004 that could allow a hacker to execute code remotely on a vulnerable system.
According to Symantec officials, the company was notified of the problem by US-CERT. A buffer overflow can be triggered by an error that occurs in the Get () and Set () functions used by ISAlertDataCOM, part of ISLALERT.DLL. Successfully exploiting this vulnerability would allow an attacker to remotely execute malicious code on an unpatched system and give them the rights of the logged-in user, Symantec officials said.
In order for an exploit to work, however, the hacker must first trick the user into viewing a specially crafted HTML document. As noted in the advisory, such attacks frequently begin with an e-mail containing a link to the malicious site that is meant to entice the user.
"Symantec product engineers have determined that the issue affects Norton Personal Firewall and Norton Internet Security 2004 only," the advisory states. "Product updates to correct the problem are available through LiveUpdate."
Though the company lists the threat as medium, it is rated highly critical by Secunia. Symantec officials said they are not aware of any customers impacted by the flaw, or any attempts to exploit it, and recommend users keep their patches up to date. A plug for the security hole can be obtained through Symantec's LiveUpdate feature.
Copyright 2007 by Ziff Davis Media, Distributed by United Press International
Related stories:
Computer scientists set on winning the computer virus 'cold war'
First came the virus. Then came the antivirus software. Ever since, virus programmers have been escalating their technology, trying to stay one step ahead of the computer security engineers and vice versa.
Security Bigwigs Patch Their Programs
Symantec, McAfee, and Computer Associates have all fixed serious flaws in their software with recent patches and updates.
Symantec Announced New Norton 360 - All-In-One Security
Symantec Corp. today announced the availability of its newest product – Norton 360 - All-In-One Security. Norton 360 comprehensive solution combines Symantec's security and PC tune-up technologies with new automated backup and antiphishing features.
Protecting Your Computer: Part 2 - Firewalls
by Philip Dunn [ Part 1 ]
While rather new to computing in comparison to antivirus programs, in today’s Internet connected world firewalls are actually more important.
Researchers develop next-generation computer antivirus system
(PhysOrg.com) -- Antivirus software on your personal computer could become a thing of the past thanks to a new "cloud computing" approach to malicious software detection developed at the University of Michigan. Cloud computing refers to applications and services provided seamlessly on the Internet.
Resolutions should include your computing life, too
Changing computer habits rarely makes the list of top New Year's Resolutions, but there are three digital resolutions you should make to have a happier 2008, says Gerry McCartney, vice president for information technology and CIO of Purdue University.
Microsoft, TCG, Juniper Tie the NAC Knot
A lot of vendors selling a lot of components that have to agree on how to measure a lot of things have to come together to make an effective Network Access Control system.
Symantec Cracks Down on Piracy
Symantec's decision to file lawsuits against eight companies it accuses of selling pirated software was the latest move in the industry's continuing struggle against counterfeit products. That it was a top-tier security software provider also highlights the dangers to users who install pirated security products onto their systems.