Symantec patches flaw in Norton products

By
Follow google news

Symantec on has patched a vulnerability in Norton Personal Firewall 2004 and Norton Internet Security 2004 that can be exploited for remote code execution.

Symantec patches flaw in Norton products
The anti-virus giant advised users to employ LiveUpdate to patch the buffer overflow vulnerability in an ActiveX control used by the two programs.

CERT had notified Symantec of the vulnerability [WHEN], which occurs in the Get() and Set() functions used by ISAlertDataCOM, a function of ISALERT.DLL.

Symantec and US-CERT warned that for successful exploitation, an attacker must dupe the victim into visiting a malicious website and clicking on a malicious document.

Symantec, in an advisory released on Wednesday, ranked the flaw’s risk impact as "medium." A Symantec spokesman today referred questions to the advisory.

Secunia reported in an advisory released today that researcher Will Dorman of CERT/CC discovered the flaw, which can be exploited to cause a stack-based buffer overflow via an overly long argument.

Secunia ranked the flaw as "highly critical," meaning it can be exploited from a remote location.

FrSIRT yesterday rated the vulnerability as "critical."
Got a news tip for our journalists? Share it with us anonymously here.
Tags:
flawinnortonpatchesproductssecuritysymantec

Sponsored Whitepapers

2026 Engineering Reality Report
2026 Engineering Reality Report
How Kraft Heinz Transformed Planning with AI & 5 M+ Data Sets
How Kraft Heinz Transformed Planning with AI & 5 M+ Data Sets
Defend Your Network from the Next Generation of AI Threats
Defend Your Network from the Next Generation of AI Threats
Optus Enterprise Mobility
Optus Enterprise Mobility
Life After VMware: Scale Securely with mCloud by Micron21
Life After VMware: Scale Securely with mCloud by Micron21

Events

Most Read Articles

Australia's new cyber affairs ambassador sourced from ASD

Australia's new cyber affairs ambassador sourced from ASD
Microsoft breaks Windows 11 Recovery Environment in October update

Microsoft breaks Windows 11 Recovery Environment in October update
QLD government retires CISO position title

QLD government retires CISO position title
Hidden "Glassworm" malware spreads through infected VS Code extensions

Hidden "Glassworm" malware spreads through infected VS Code extensions
techpartner.news logo
Sydney-based AI-cloud waste startup raises $3m
Sydney-based AI-cloud waste startup raises $3m
Brennan uses NiCE to modernise its contact centre
Brennan uses NiCE to modernise its contact centre
Impact Awards: Tecala slashes customer response times for fintech IQumulate
Impact Awards: Tecala slashes customer response times for fintech IQumulate
Interactive introduces private cloud platform
Interactive introduces private cloud platform
Digital61 expands cybersecurity portfolio
Digital61 expands cybersecurity portfolio

Log In

  |  Forgot your password?