The anti-virus giant advised users to employ LiveUpdate to patch the buffer overflow vulnerability in an ActiveX control used by the two programs.
CERT had notified Symantec of the vulnerability [WHEN], which occurs in the Get() and Set() functions used by ISAlertDataCOM, a function of ISALERT.DLL.
Symantec and US-CERT warned that for successful exploitation, an attacker must dupe the victim into visiting a malicious website and clicking on a malicious document.
Symantec, in an advisory released on Wednesday, ranked the flaw’s risk impact as "medium." A Symantec spokesman today referred questions to the advisory.
Secunia reported in an advisory released today that researcher Will Dorman of CERT/CC discovered the flaw, which can be exploited to cause a stack-based buffer overflow via an overly long argument.
Secunia ranked the flaw as "highly critical," meaning it can be exploited from a remote location.
FrSIRT yesterday rated the vulnerability as "critical."
Symantec patches flaw in Norton products
By
Frank Washkuch
on
May 21, 2007 3:53AM
Symantec on has patched a vulnerability in Norton Personal Firewall 2004 and Norton Internet Security 2004 that can be exploited for remote code execution.
Got a news tip for our journalists? Share it with us anonymously here.
Partner Content
Promoted Content
Security: Understanding the fundamentals of governance, risk & compliance
Promoted Content
How to turn digital complexity into competitive advantage
.png&h=183&w=300&c=1&s=0)
Promoted Content
Accenture and Google Cloud team up to create a loveable, Australian-first, renewable energy product
Promoted Content
Security "mindset shift" needed to protect organisations
Sponsored Whitepapers
Free eBook: Digital Transformation 101 – for banks
Why financial services need to tackle their Middle Office
Learn: The latest way to transfer files between customers
Extracting the value of data using Unified Observability
Planning before the breach: You can’t protect what you can’t see
