Symantec Product Advisory: SYM07- 021

SYM07- 021: Symantec ActiveX Control Input Validation Error

An input validation error in two ActiveX controls used by Norton AntiVirus, Norton Internet Security, and Norton System Works could allow an attacker to execute code on the target system.

Affected Products
Norton Antivirus 2006
Norton Internet Security 2006
Norton System Works 2006
Norton Internet Security, Anti Spyware Edition 2005

Symantec response
Symantec engineers have confirmed that the vulnerability in the products listed in the Affected Products table above. Updates for affected products are available through LiveUpdate.

No versions of Symantec AntiVirus Corporate Edition or Symantec Client Security are affected by this vulnerability.

To successfully exploit this vulnerability, an attacker would need to entice the user to view a specially crafted HTML document. This type of attack is often achieved by sending email containing a link to the malicious site, and persuading the recipient to click on the link.

Symantec is not aware of any customers impacted by this issue, or of any attempts to exploit the issue.

More details at http://securityresponse.symantec.com/avcenter/security/Content/2007.08.09.html

Leave a Reply