Buffer overflow in Norton Antivirus 2000 allows EIP overwrite and potential arbitrary code execution.
`This was going to be w00giving #11 (w00giving #10 will be posted within
the next few days). Anyway, this allows EIP to be overwritten with 265+
bytes, which the person who posted this vulnerability failed to mention or
failed to notice. It's unclear if he labeled it as a DoS because he
didn't realize it overwrote EIP or because he was unable to produce an
exploit. We have not had a chance to write an exploit and we will also
try to do that within the next few days.
w00w00 Security Development
Title: Buffer Overflow in POProxy (Norton Antivirus 2000)
Platforms: Windows 95/98/NT/2000
Date: 11th December, 1999
Last Updated: n/a
Vendor Notified: n/a
Author: Nicholas Brawn <[email protected]>
1. Background
POProxy is the program used by Norton Antivirus to proxy POP3 mail
collection, in order to identify hostile code (viruses, trojans, etc) before
it reaches the system.
By default Norton Antivirus' POP3 scanning supports Qualcomm Eudora and
Microsoft Outlook mail clients. Other mail client software may be configured
to use the "Email Protection" feature of Norton Antivirus.
The POProxy program listens on all configured network interfaces on TCP
port 110.
2. Description
The POProxy program crashes (stack/EIP overwritten) when 265+ characters
are sent as the parameter to the "USER" command.
Note: When tested against POProxy on NT 4.0, this caused the Doctor Watson process
to send CPU utilisation to 100%.
3. Impact
The vulnerability may be exploited to execute arbitrary code on a vulnerable
system.
4. Recommendation
It is recommended that you disable "Email Protection" in Norton Antivirus,
until a workaround or patch is made available by the vendor.
To disable email protection go to:
Start->Programs->Norton AntiVirus->Norton AntiVirus 2000
Click on "Options", and under Email Protection, uncheck the "Enable Email
Protection" box.
If disabling email protection is not an acceptable option, you may choose to
implement a third-party firewalling product to disallow unauthorised
connections to TCP port 110. Check out http://www.networkice.com.
5. References
- Norton Antivirus 2000: http://www.symantec.com/nav/nav_9xnt/
- w00w00 Security Development: http://www.w00w00.org/
`
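A POP3 proxy that copies the "USER" argument into a fixed-size buffer has to validate its length before the copy. The C function below is an added example of such a check, not code from the advisory, from w00w00 or from POProxy; the names `parse_user` and `POP3_MAX_USER` and the 64-byte cap are assumptions chosen for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define POP3_MAX_USER 64 /* assumed policy cap on the USER argument, not from the advisory */

enum user_result { USER_OK, USER_NOT_USER, USER_EMPTY, USER_TOO_LONG, USER_BAD_CHAR };

/* If line (len bytes, optional trailing CRLF) is a USER command, copy its
 * argument into out. Length is validated before any copy, so an oversized
 * argument is rejected instead of being written past the buffer. */
enum user_result parse_user(const char *line, size_t len, char *out, size_t out_sz)
{
    static const char kw[] = "USER";
    if (out_sz == 0)
        return USER_TOO_LONG;
    out[0] = '\0';
    while (len > 0 && (line[len - 1] == '\r' || line[len - 1] == '\n'))
        len--;                                  /* strip line terminator */
    if (len < 4)
        return USER_NOT_USER;
    for (size_t i = 0; i < 4; i++)              /* keyword is case-insensitive */
        if (toupper((unsigned char)line[i]) != kw[i])
            return USER_NOT_USER;
    if (len == 4 || (len == 5 && line[4] == ' '))
        return USER_EMPTY;                      /* "USER" with no argument */
    if (line[4] != ' ')
        return USER_NOT_USER;
    const char *arg = line + 5;
    size_t arg_len = len - 5;
    if (arg_len > POP3_MAX_USER || arg_len >= out_sz)
        return USER_TOO_LONG;                   /* reject, never truncate or overflow */
    for (size_t i = 0; i < arg_len; i++)
        if (!isgraph((unsigned char)arg[i]))
            return USER_BAD_CHAR;               /* control bytes, spaces, 8-bit data */
    memcpy(out, arg, arg_len);
    out[arg_len] = '\0';
    return USER_OK;
}

int main(void)
{
    char out[POP3_MAX_USER + 1], big[5 + 265];  /* constructed sample inputs */
    memcpy(big, "USER ", 5);
    memset(big + 5, 'A', 265);                  /* 265-byte argument, as in the advisory */
    printf("short:    %d\n", parse_user("USER alice\r\n", 12, out, sizeof out));
    printf("265-byte: %d\n", parse_user(big, sizeof big, out, sizeof out));
    return 0;
}
```

A caller would answer anything other than `USER_OK` with a POP3 `-ERR` response and log the rejected length, which also gives a detection point for oversized "USER" arguments.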