Symantec Norton AntiVirus 2004 ActiveX code execution
| nav-activex-code-execution (16220) |  High Risk |
Description:
Symantec Norton AntiVirus could allow a remote attacker to execute arbitrary code on the system, caused by improper validation of user-supplied input by the ActiveX control. By creating a specially-crafted Web page, a remote attacker could cause executables in a known location on the system to execute with privileges of the victim or cause the antivirus program to hang, once the victim visits the Web page.
Consequences:
Gain Access
Remedy:
A patch is available for this vulnerability through Symantec LiveUpdate, as listed in Symantec Security Response SYM04-009. See References.
References:
- CIAC Information Bulletin O-149: Norton AntiVirus 2004 ActiveX Control Vulnerability.
- Symantec Security Response SYM04-009: Symantec Norton AntiVirus 2004 ActiveX Control Vulnerability.
- BID-10392: Symantec Norton AntiVirus ActiveX Control Remote Code Execution Vulnerability
- CVE-2004-0487: A certain ActiveX control in Symantec Norton AntiVirus 2004 allows remote attackers to cause a denial of service (resource consumption) and possibly execute arbitrary programs.
- OSVDB ID: 6303: Symantec Norton Anti-Virus ActiveX Control Input Validation
- SA11676: Symantec Norton AntiVirus ActiveX Control Vulnerability
- US-CERT VU#312510: Symantec Norton AntiVirus 2004 ActiveX control fails to properly validate input
Platforms Affected:
- Symantec Norton AntiVirus 2004
Reported:
May 20, 2004
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net