funsec mailing list archives
Another security product opens up customers to system takeovers
From: "Richard M. Smith" <rms () computerbytesman com>
Date: Thu, 9 Aug 2007 22:07:25 -0400
http://www.frsirt.com:80/english/advisories/2007/2822 A vulnerability has been identified in varioius Symantec products, which could be exploited by remote attackers to cause a denial of service or take complete control of an affected system. This issue is caused by a buffer overflow error in the "AxSysListView32" and "AxSysListView32OAA" (NavComUI.dll) ActiveX controls when processing malformed "AnomalyList" and "Anomaly" properties, which could be exploited by remote attackers to execute arbitrary code by tricking a user into visiting a specially crafted web page. Affected Products Symantec Norton AntiVirus 2006 Norton Internet Security Anti Spyware Edition 2005 Symantec Norton Internet Security 2006 Symantec Norton SystemWorks 2006 Solution Patches are available via LiveUpdate in Interactive Mode. References <http://www.frsirt.com/english/advisories/2007/2822> http://www.frsirt.com/english/advisories/2007/2822 <http://www.frsirt.com/english/reference-2007-2822-1.php> http://securityresponse.symantec.com/avcenter/security/Content/2007.08.09.ht ml <http://www.frsirt.com/english/reference-2007-2822-2.php> http://secunia.com/secunia_research/2007-53/advisory
_______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Another security product opens up customers to system takeovers Richard M. Smith (Aug 09)