Norton AntiSpam 2004 SymSpamHelper ActiveX control buffer overflow

2008-12-24T00:00:00
ID SAINT:069011E84E65872152ABC08D9D7B8F93
Type saint
Reporter SAINT Corporation
Modified 2008-12-24T00:00:00

Description

Added: 12/24/2008
CVE: CVE-2004-0363
BID: 9916
OSVDB: 6249

Background

Norton AntiSpam 2004, which is included in Norton Internet Security 2004, is spam-filtering software.

Problem

A buffer overflow vulnerability in the SymSpamHelper ActiveX control (symspam.dll) allows command execution when a user loads a web page that calls the LaunchCustomRuleWizard method with a long, specially crafted parameter.

Resolution

Use LiveUpdate to download and install all available product updates.

References

<http://www.kb.cert.org/vuls/id/344718>
<http://www.symantec.com/avcenter/security/Content/2004.03.19.html>
<http://www.ngssoftware.com/advisories/antispam.txt>

Limitations

Exploit works on Norton Internet Security 2004.

Platforms

Windows XP