Vulnerability Note VU#312510

Symantec Norton AntiVirus 2004 ActiveX control fails to properly validate input

Overview

There is a vulnerability in an ActiveX control provided by Norton AntiVirus 2004 that could allow an attacker to execute arbitrary programs, launch a browser window containing an unauthorized URL, or cause a denial of service on a vulnerable system.

I. Description

Norton AntiVirus 2004 is an application that provides the ability to scan email messages, files, and other content to detect viruses, worms, and other malicious code. There is a vulnerability in the way an ActiveX control provided by Norton AntiVirus 2004 processes external input. In order to exploit this vulnerability, an attacker would need to convince a victim to view malicious HTML (a web page, for example).

II. Impact

A remote, unauthenticated attacker could cause a denial of service, launch a browser window containing an unauthorized URL, or execute programs that reside on the victim's system with the privileges of the vulnerable process. According to Symantec Security Advisory SYM04-009, an attacker would need to know the location of the executable on the victim's system in order to launch the program.

III. Solution

Use LiveUpdate

Symantec has provided an update to address this issue. Symantec recommends that clients running Norton AntiVirus 2004 use the LiveUpdate feature to apply this update. According to Symantec, this can be done as follows:

Systems Affected
References
This vulnerability was reported by Yuu Arai of the Little eArth Corporation (LAC). This document was written by Damon Morda.
If you have feedback, comments, or additional information about this vulnerability, please send us email.