|Exploit publicly available||No|
An ActiveX control used by Norton Personal Firewall 2004 and Norton Internet Security 2004 contains a buffer overflow vulnerability.
|Norton Internet Security||2004||Run LiveUpdate|
|Norton Personal Firewall||2004||Run LiveUpdate|
|Norton Antivirus||2005 and later||All|
|Norton Internet Security||2005 and later||All|
|Norton System Works||2005 and later||All|
|Symantec Client Security||All||All|
|Symantec AntiVirus Corporate Edition||All||All|
CERT notified Symantec that a buffer overflow exists in an ActiveX Control used by Norton Personal Firewall. The error occurs in the Get() and Set() functions used by ISAlertDataCOM, which is part of ISLALERT.DLL. A successful exploit of this vulnerability could potentially allow the remote execution of code on a vulnerable system, with the rights of the logged-in user.
Symantec product engineers have determined that the issue affects Norton Personal Firewall and Norton Internet Security 2004 only. Product updates to correct the problem are available through LiveUpdate.
To successfully exploit this vulnerability, an attacker would need to entice the user to view a specially crafted HTML document. This type of attack is often achieved by sending email containing a link to the malicious site, and persuading the recipient to click on the link.
Symantec is not aware of any customers impacted by this issue, or of any attempts to exploit the issue.
As a part of normal best practices, users should keep vendor-supplied patches for all application software and operating systems up-to-date. Symantec recommends any affected customers update their product immediately to protect against potential attempts to exploit this vulnerability.
How to obtain the update
Norton Internet Security and Norton Personal firewall 2004 users who normally run manual LiveUpdate to obtain product updates can also obtain this update through the same process. Run manual LiveUpdate as follows:
If you have not previously installed all available product updates, you will need to obtain those updates first. You will need to modify your LiveUpdate settings to connect to the archive LiveUpdate server to obtain the previous product updates.
- Open any installed Norton product
- Click LiveUpdate
- Run LiveUpdate
Please see this Knowledgebase article for information:
How to obtain the programs updates that are archived on Symantec LiveUpdate server
After you have downloaded and installed all available updates from the archive server, you will be able to download the update for this vulnerability.
Symantec has released IPS signatures for the Symantec products listed below, to detect attempts to exploit this vulnerability.
|Products||Security Update Number (SU#) |
|Symantec Client Security||62 and later|
|Norton Internet Security||50 and later|
|Symantec Gateway Security||46 and later|
|Symantec Network Security||81 and later|
As part of normal best practices, Symantec strongly recommends a multi-layered approach to security:
- Run under the principle of least privilege.
- Keep operating systems and applications updated with the latest vendor patches.
- Run both a personal firewall and antivirus application with current updates to provide multiple points of detection and protection.
- Be cautious when receiving attachments, executables, and web links through email. Do not open email from unknown senders.
- Email addresses can easily be spoofed so that a message appears to come from someone you know. If in doubt, contact the sender to confirm they sent it before opening attachments or following web links.
Symantec would like to thank Will Dormann of the CERT Coordination Center (http://www.cert.org/certcc.html) for reporting this issue and coordinating with us on the response.
This issue is a candidate for inclusion in the Common Vulnerabilities and Exposures (CVE) list (http://cve.mitre.org), which standardizes names for security problems. The CVE initiative has assigned CVE-2007-1689 to this issue
Symantec takes the security and proper functionality of our products very seriously. As founding members of the Organization for Internet Safety (OISafety), Symantec supports and follows the principles of responsible disclosure. Symantec also subscribes to the vulnerability disclosure guidelines outlined by the National Infrastructure Advisory Council (NIAC).
Please contact email@example.com if you feel you have discovered a security issue in a Symantec product. A Symantec Product Security team member will contact you regarding your submission. Symantec strongly recommends using encrypted email for reporting vulnerability information to firstname.lastname@example.org. The Symantec Product Security PGP key can be found at the end of this message.
Symantec has developed a Product Vulnerability Response document outlining the process we follow in addressing suspected vulnerabilities in our products. This document is available below.
Copyright © by Symantec Corp.
Permission to redistribute this alert electronically is granted as long as it is not edited in any way unless authorized by Symantec Security Response. Reprinting the whole or part of this alert in any medium other than electronically requires permission from email@example.com.
The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information.
Symantec, Symantec products, Symantec Security Response, and firstname.lastname@example.org are registered trademarks of Symantec Corp. and/or affiliated companies in the United States and other countries. All other registered and unregistered trademarks represented in this document are the sole property of their respective companies/owners.
Initial Post on: Wednesday, 16-May-07 07:40:00
Last modified on: Wednesday, 16-May-2007 08:05:14 PDT
[an error occurred while processing this directive]
©1995 - Symantec Corporation