Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

norton.2000.txt

🗓️ 20 Dec 1999 00:00:00Reported by Nicholas BrawnType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 17 Views

Buffer overflow in Norton Antivirus 2000 allows EIP overwrite and potential arbitrary code execution.

Code
`This was going to be w00giving #11 (w00giving #10 will be posted within  
the next few days). Anyway, this allows EIP to be overwritten with 265+  
bytes, which person who posted this vulnerability failed to mention or  
failed to notice. It's unclear if he labeled it as a DoS because he  
didn't realize it overwrote EIP or because he was unable to produce an  
exploit. We have not had a chance to write an exploit and we will also  
try to do that within the next few days.  
  
w00w00 Security Development  
  
Title: Buffer Overflow in POProxy (Norton Antivirus 2000)  
Platforms: Windows 95/98/NT/2000  
Date: 11th December, 1999  
Last Updated: n/a  
Vendor Notified: n/a  
Author: Nicholas Brawn <[email protected]>  
  
1. Background  
  
POProxy is the program used by Norton Antivirus to proxy POP3 mail  
collection, in order to identify hostile code (viruses, trojans, etc) before  
it reaches the system.  
  
By default Norton Antivirus' POP3 scanning supports Qualcomm Eudora and  
Microsoft Outlook mail clients. Other mail client software may be configured  
to use the "Email Protection" feature of Norton Antivirus.  
  
The POProxy program listens on all configured network interfaces on TCP  
port 110.  
  
2. Description  
  
The POProxy program crashes (stack/EIP overwritten) when 265+ characters  
are sent as the parameter to the "USER" command.  
  
Note: When tested against POProxy on NT 4.0, this caused the Doctor Watson process  
to send CPU utilisation to 100%.  
  
3. Impact  
  
The vulnerability may be exploited to execute arbitrary code on a vulnerable  
system.  
  
4. Recommendation  
  
It is recommended that you disable "Email Protection" in Norton Antivirus,  
until a workaround or patch is made available by the vendor.  
  
To disable email protection go to:  
Start->Programs->Norton AntiVirus->Norton AntiVirus 2000  
  
Click on "Options", and under Email Protection, uncheck to Enable Email  
Protection box.  
  
If disabling email protection is not an acceptable option, you may choose to  
implement a third-party firewalling product to disallow unauthorised  
connections to TCP port 110. Checkout http://www.networkice.com.  
  
5. References  
  
- Norton Antivirus 2000: http://www.symantec.com/nav/nav_9xnt/  
- w00w00 Security Development: http://www.w00w00.org/  
  
  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
20 Dec 1999 00:00Current
7.4High risk
Vulners AI Score7.4
buffer overflow vulnerabilitynorton antivirus 2000eip overwritearbitrary code executionemail protectionwindows platforms.
17