Smokey's Security Weblog

veritas odium parit

Symantec confirms ActiveX bugs in its own consumer software

Symantec Corp. has confirmed flaws in its most popular consumer security software that could give attackers the means to hijack the Windows PCs that the programs are supposed to protect.

The vulnerabilities are in an ActiveX control that ships with several products, including Norton AntiVirus, Norton Internet Security, Norton SystemWorks and Norton 360.

According to alerts released Wednesday by VeriSign Inc.’s iDefense, the ActiveX control SymAData.dll sports two vulnerabilities that could be used “to execute arbitrary code with the privileges of the currently logged in user” by attackers able to entice victims to malicious Web sites.

Symantec confirmed the vulnerabilities Wednesday in its own advisory, and said the buggy control has shipped with Windows versions of Norton AntiVirus 2006-2008, Norton Internet Security 2006-2008, Norton SystemWorks 2006-2008 and Norton 360 Version 1.0.

While it acknowledged the bugs, Symantec also downplayed the threat, saying that attacks would succeed only from specially crafted sites. “To successfully exploit either vulnerability, an attacker would need to be able to masquerade as the trusted Symantec Web site, such as through a cross-site scripting attack or DNS poisoning,” read the company’s advisory.

However, cross-site scripting attacks have become common, and although DNS “poisoning” — fooling a DNS server into thinking the bogus routing directions it’s received are authentic — is less common, it’s not unheard of.

The flawed ActiveX control is used by Symantec’s AutoFix tool, which is included with some of the company’s software and may also be downloaded to a PC during a live chat with a Symantec technical support representative. AutoFix diagnoses PC problems and offers solutions.

Source: CW Security

Advertisements

April 5, 2008 - Posted by | Alerts, Friends, Norton Internet Security, Recommended External Security Related Links, Vulnerabilities | , , , , , , , ,

1 Comment »

  1. Symantec Response

    Symantec engineers have developed and released updates to address both of these vulnerabilities.

    http://www.symantec.com/avcenter/security/Content/2008.04.02a.html

    Comment by Smokey | April 6, 2008 | Reply


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: