Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
seebugRootSSV:1773
HistoryMay 19, 2007 - 12:00 a.m.

Norton Personal Firewall ISAlertDataCOM ActiveX控件缓冲区溢出漏洞

2007-05-1900:00:00
Root
www.seebug.org
11
JSON

Norton Personal Firewall是一款个人防火墙应用程序。

Norton Personal Firewall包含的ISAlertDataCOM ActiveX控件处理参数输入缺少正确边界检查,远程攻击者可以利用漏洞对应用程序进行缓冲区溢出攻击,可能以进程权限执行任意指令。

当ISLAlert.dll处理"Set()"和"Get()"方法时存在边界错误,提交超长参数可导致缓冲区溢出,构建恶意WEB页,诱使用户访问,可导致应用程序崩溃。

Symantec Norton Internet Security 2004
Symantec Norton Internet Security 2004 Professional
Symantec Norton Personal Firewall 2004
可参考如下安全公告获得补丁信息:

<a href=“http://securityresponse.symantec.com/avcenter/security/Content/2007.05.16.html” target=“_blank”>http://securityresponse.symantec.com/avcenter/security/Content/2007.05.16.html</a>

JSON