Symantec patches flaw in Norton products

By
Follow google news

Symantec on has patched a vulnerability in Norton Personal Firewall 2004 and Norton Internet Security 2004 that can be exploited for remote code execution.

Symantec patches flaw in Norton products
The anti-virus giant advised users to employ LiveUpdate to patch the buffer overflow vulnerability in an ActiveX control used by the two programs.

CERT had notified Symantec of the vulnerability [WHEN], which occurs in the Get() and Set() functions used by ISAlertDataCOM, a function of ISALERT.DLL.

Symantec and US-CERT warned that for successful exploitation, an attacker must dupe the victim into visiting a malicious website and clicking on a malicious document.

Symantec, in an advisory released on Wednesday, ranked the flaw’s risk impact as "medium." A Symantec spokesman today referred questions to the advisory.

Secunia reported in an advisory released today that researcher Will Dorman of CERT/CC discovered the flaw, which can be exploited to cause a stack-based buffer overflow via an overly long argument.

Secunia ranked the flaw as "highly critical," meaning it can be exploited from a remote location.

FrSIRT yesterday rated the vulnerability as "critical."
Got a news tip for our journalists? Share it with us anonymously here.
Tags:
flawinnortonpatchesproductssecuritysymantec

Sponsored Whitepapers

Protect the data your business relies on
Protect the data your business relies on
The cloud tipping point
The cloud tipping point
How AI will deliver real business value
How AI will deliver real business value
The multicloud imperative
The multicloud imperative
Your multicloud advantage
Your multicloud advantage

Events

Most Read Articles

WA man jailed for at least five years for evil twin attack

WA man jailed for at least five years for evil twin attack
Home Affairs to unleash AI on sensitive government data

Home Affairs to unleash AI on sensitive government data
Watt flags more fed insourcing after BoM website outrage

Watt flags more fed insourcing after BoM website outrage
ASX outage caused by security software upgrade

ASX outage caused by security software upgrade
techpartner.news logo
Sydney-based AI-cloud waste startup raises $3m
Sydney-based AI-cloud waste startup raises $3m
Brennan uses NiCE to modernise its contact centre
Brennan uses NiCE to modernise its contact centre
Impact Awards: Tecala slashes customer response times for fintech IQumulate
Impact Awards: Tecala slashes customer response times for fintech IQumulate
Interactive introduces private cloud platform
Interactive introduces private cloud platform
Digital61 expands cybersecurity portfolio
Digital61 expands cybersecurity portfolio

Log In

  |  Forgot your password?