Symantec Norton Anti-Virus Lets Remote Users Execute Applications on the Target User's System
|
|
SecurityTracker Alert ID: 1010249
|
|
CVE Reference: GENERIC-MAP-NOMATCH
(Links to External Site)
|
Date: May 21 2004
|
Impact: Denial of service via network, Execution of arbitrary code via network, User access via network
|
Fix Available: Yes
Vendor Confirmed: Yes
|
Advisory: Secure Net Service (LAC)
|
Version(s): 2004
|
Description: A vulnerability was reported in Norton Anti-Virus 2004. A remote user can execute applications on the target user's system in certain cases. A remote user can also cause denial of service conditions on the target system.
SecureNet Service reported that a remote user can create HTML that, when loaded by the target user, will cause the anti-virus application
to freeze. The flaw reportedly resides in an ActiveX control used by the anti-virus software.
The report also indicates that
a remote user can cause an arbitrary executable to run on the target user's system if the remote user knows the location of the
executable file.
Yuu Arai is credited with discovering this flaw.
The original advisory is available at:
http://www.lac.co.jp/security/csl/intelligence/SNSadviso
ry_e/72_e.html
|
Impact: A remote user can cause denial of service conditions on the target user's system.
A remote user may be able to cause an executable file on the target user's computer to run.
|
Solution: The vendor has issued a fix, available via LiveUpdate.
|
Vendor URL: securityresponse.symantec.com/avcenter/security/Content/2004.05.20.html (Links to External Site)
|
Cause: Input validation error
|
Underlying OS: Windows (Any)
|
|
Message History:
This archive entry has one or more follow-up message(s) listed below.
|
Source Message Contents
|
|
|
[Original Message Not Available for Viewing]
|
|
