|Exploit publicly available||No|
An ActiveX control used by Norton Personal Firewall 2004 and Norton Internet Security 2004 contains a buffer overflow vulnerability.
|Norton Internet Security||2004||Run LiveUpdate|
|Norton Personal Firewall||2004||Run LiveUpdate|
|Norton Antivirus||2005 and later||All|
|Norton Internet Security||2005 and later||All|
|Norton System Works||2005 and later||All|
|Symantec Client Security||All||All|
|Symantec AntiVirus Corporate Edition||All||All|
CERT notified Symantec that a buffer overflow exists in an ActiveX Control used by Norton Personal Firewall. The error occurs in the Get() and Set() functions used by ISAlertDataCOM, which is part of ISLALERT.DLL. A successful exploit of this vulnerability could potentially allow the remote execution of code on a vulnerable system, with the rights of the logged-in user.
Symantec product engineers have determined that the issue affects Norton Personal Firewall and Norton Internet Security 2004 only. Product updates to correct the problem are available through LiveUpdate.
To successfully exploit this vulnerability, an attacker would need to entice the user to view a specially crafted HTML document. This type of attack is often achieved by sending email containing a link to the malicious site, and persuading the recipient to click on the link.
Symantec is not aware of any customers impacted by this issue, or of any attempts to exploit the issue.
As a part of normal best practices, users should keep vendor-supplied patches for all application software and operating systems up-to-date. Symantec recommends any affected customers update their product immediately to protect against potential attempts to exploit this vulnerability.
How to obtain the update
Norton Internet Security and Norton Personal firewall 2004 users who normally run manual LiveUpdate to obtain product updates can also obtain this update through the same process. Run manual LiveUpdate as follows:
Symantec has released IPS signatures for the Symantec products listed below, to detect attempts to exploit this vulnerability.
|Products||Security Update Number (SU#)|
|Symantec Client Security||62 and later|
|Norton Internet Security||50 and later|
|Symantec Gateway Security||46 and later|
|Symantec Network Security||81 and later|