Naughty Norton: Symantec Fixes Flaw in Security Software

May 18, 2007

The security vendor has patched a buffer overflow vulnerability that could allow an attacker to remotely execute malicious code.

Symantec has fixed a serious vulnerability with an ActiveX control used by Norton Personal Firewall 2004 and Norton Internet Security 2004 that could allow a hacker to execute code remotely on a vulnerable system.

According to Symantec officials, the company was notified of the problem by US-CERT. A buffer overflow can be triggered by an error that occurs in the Get () and Set () functions used by ISAlertDataCOM, part of ISLALERT.DLL. Successfully exploiting this vulnerability would allow an attacker to remotely execute malicious code on an unpatched system and give them the rights of the logged-in user, Symantec officials said.

In order for an exploit to work, however, the hacker must first trick the user into viewing a specially crafted HTML document. As noted in the advisory, such attacks frequently begin with an e-mail containing a link to the malicious site that is meant to entice the user.

"Symantec product engineers have determined that the issue affects Norton Personal Firewall and Norton Internet Security 2004 only," the advisory states. "Product updates to correct the problem are available through LiveUpdate."

Though the company lists the threat as medium, it is rated highly critical by Secunia. Symantec officials said they are not aware of any customers impacted by the flaw, or any attempts to exploit it, and recommend users keep their patches up to date. A plug for the security hole can be obtained through Symantec's LiveUpdate feature.

Copyright 2007 by Ziff Davis Media, Distributed by United Press International


print this article email this article download pdf blog this article bookmark this article     Stumble it Digg this share on Facebook retweet share on Reddit add to delicious
Rate this story - 3.8 /5 (5 votes)


May 18, 2007 all stories

Comments: 0

3.8 /5 (5 votes)
  • Stumble this up

  • Digg this

  • share this

  • hide

  • Related Stories

  • Sex, videos, friends, games hot with kids online: Norton
    created Aug 12, 2009 | popularity not rated yet | comments 0
  • Digital TV likes clear signal path
    created Dec 31, 2008 | popularity not rated yet | comments 0
  • Computer scientists set on winning the computer virus 'cold war'
    created May 24, 2007 | popularity not rated yet | comments 0
  • Security Bigwigs Patch Their Programs
    created May 13, 2007 | popularity not rated yet | comments 0
  • Symantec Announced New Norton 360 - All-In-One Security
    created Feb 27, 2007 | popularity not rated yet | comments 0



  • hide

  • Relevant PhysicsForums posts

  • transient heat transfer
    created 2 hours ago
  • Trying to adapt a fuel gage circuit
    created 20 hours ago
  • Pushing the piston.
    created Nov 22, 2009
  • Do Camcorders/ Video camera have Sensors in them?
    created Nov 22, 2009
  • More from Physics Forums - General Engineering

Other News

A visitor looks at laptops at a computer fair

Gartner forecasts 2.8 percent growth in PC sales in 2009

Technology / Business

created 1hour ago | popularity not rated yet | comments 0

Worldwide sales of personal computers, which had been forecast to decline this year, will instead post modest gains, Gartner research group said Monday.


Google said Teracent can pick and choose from thousands of creative elements of a display ad in real-time

Google buying display ad startup Teracent

Technology / Internet

created 1hour ago | popularity not rated yet | comments 1

Google is acquiring Web display advertising startup Teracent, the Internet giant announced on Monday.


Intel logo A

Intel wants a chip implant in your brain

Technology / Hi Tech

created 8 hours ago | popularity 3.9 / 5 (13) | comments 23

(PhysOrg.com) -- Computer chip maker Intel wants to implant a brain-sensing chip directly into the brains of its customers to allow them to operate computers and other devices without moving a muscle.


Workers at the Statkraft Osmotic power plant prototype in Tofte

Harnessing the power of salt, Norway tries osmotic power

Technology / Energy

created 9 hours ago | popularity 2.5 / 5 (2) | comments 2

After wind, sun, currents and tides, a company is preparing to make clean electricity by harnessing another natural phenomenon, the energy-unleashing encounter of freshwater and seawater.


Microsoft has held talks with Rupert Murdoch's News Corp over removing its news websites from Google, a report said

News Corp, Microsoft hold talks on Google: report

Technology / Internet

created 9 hours ago | popularity 2.3 / 5 (3) | comments 3

Microsoft has held talks with Rupert Murdoch's News Corp over a possible plan for the software giant to pay the media company to remove its news websites from Google, a report said Monday.




PhysOrg Account
advanced search
  • follow with twitter
  • follow on facebook
  • read with kindle
  • customize RSS
  • physorg mobile
  • newsletter