http://www.eweek.com/article2/0,1759,1552059,00.asp By Dennis Fisher March 19, 2004 Vulnerabilities weaken two of Symantec Corp.'s more popular security applications, Norton AntiSpam and Norton Internet Security, researchers have found. Both flaws enable attackers to run code on remote machines. The two weaknesses, one in each product, are similar in that they both involve ActiveX controls. The vulnerability in Norton Internet Security and Norton Internet Security Professional affects an ActiveX component called WrapNISUM Class, which is marked safe for scripting. However, the component allows attackers to use the LaunchURL command to run their own codes on target machines, according to NGSSoftware Ltd., the British security company that found the problems. In order to execute the attack, someone would need to entice a user into opening a malicious HTML e-mail or visiting a Web site containing the attack code. The flaw in Norton AntiSpam is nearly identical in scope and exploitation method, except it involves an ActiveX component called SymSpamHelper. An attacker could send a long parameter to the LaunchCustomRuleWizard command, which would cause a stack buffer overflow, NGSS said. Symantec, based in Cupertino, Calif., has produced fixes for both of the problems, which are available via its LiveUpdate service. - ISN is currently hosted by Attrition.org To unsubscribe email majordomo@private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Mon Mar 22 2004 - 03:21:03 PST