Symantec Norton Anti-Virus ActiveX Control Input Validation

2004-05-20T00:00:00
ID OSVDB:6303
Type osvdb
Reporter Yuu Arai(y.arai@lac.co.jp)
Modified 2004-05-20T00:00:00

Description

Vulnerability Description

Symantec Norton AntiVirus contains a flaw that may allow a remote attacker to execute arbitrary code. The issue is triggered due to insufficient input validation in an ActiveX control used by the application. It is possible that the flaw may allow arbitrary code exection, resulting in a loss of integrity.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, Symantec has released a patch to address this vulnerability.

Short Description

Symantec Norton AntiVirus contains a flaw that may allow a remote attacker to execute arbitrary code. The issue is triggered due to insufficient input validation in an ActiveX control used by the application. It is possible that the flaw may allow arbitrary code exection, resulting in a loss of integrity.

References:

Vendor URL: http://www.symantec.com/index.htm Vendor Specific Advisory URL Secunia Advisory ID:11676 Other Advisory URL: http://www.lac.co.jp/security/csl/intelligence/SNSadvisory_e/72_e.html Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-05/0234.html Keyword: SYM04-009 ISS X-Force ID: 16220 CIAC Advisory: o-149 CERT VU: 312510 Bugtraq ID: 10392