Initial Publication Date: Advisory Status: Advisory Severity: Legacy ID
8 Aug 2003 Closed Low
A vulnerability has been discovered in Norton AntiVirus that can cause the host system to crash.
NAV 2002, 2003
Norton AntiVirus Corporate Edition version 7.61
Symantec Anti Virus Corporate Edition version 8.01
Symantec Anti Virus Corporate Edition version 8.1
A vulnerability has been discovered in the Auto-protect component of Norton AntiVirus. Users with access to a system can craft a buffer, send it to Auto-Protect and cause the system to crash. Exploit code has been created as a proof on concept for this vulnerability.
Symantec considers this to be a low to medium threat. Access to the system must be obtained before the vulnerability can be exploited.
Mitigating the risk - Microsoft Windows systems ship with the guest user account activated. It is recommended that the system administrator or user disable or at least password protect this account. Some level of system access is required to exploit the vulnerability. By restricting access to the system running vulnerable code will substantially reduce the risk from this and many other vulnerabilities.
As is always recommended for security, users are encouraged to not grant system access to non-trusted people. Reasonable caution should also be exercised when opening email attachments, downloading and running executables, or other similar type activities from the Internet.
Patches that address this vulnerability are available for Symantec AV 8.01 build 446, Symantec AV 8.1 build 825, NAVCE 7.61 build 46a and NAVCE 7.61 build 50.
Note: Symantec AV 8.01 build 457 and Symantec AV 8.11 build 314 and later have incorporated this fix and do not need to be patched.
Installing the patch
Two versions of the patch are available for each of Symantec AV versions 8.01 build 446, Symantec AV 8.1 build 825, NAVCE 7.61 build 46a and NAVCE 7.61 build 50. For Windows 95, 98 and Me, use the version whose file name ends with "Win9x.zip." For Windows NT, 2000, XP, and 2003 servers and clients, use the version whose file name ends with "only.zip." The patch consists of a single executable to be run on each computer.
Note: For Windows NT, 2000, XP, and 2003, you must be logged in as the local administrator account to apply the patch.
After the patch for Windows 9x/Me clients finishes, a prompt to restart the computer appears. This restart is mandatory. Windows NT, 2000, XP and 2003 clients and servers do not require a restart.
If you run the patch on an installation that cannot be patched, or on a computer that does not have Symantec AV or NAVCE installed, you will see an error message stating "Old file cannot be found."
Mitigating the risk
By default, the guest user account is enabled on some Microsoft Windows systems. Symantec recommends that the system administrator or user disable this account, or at least set a password for it. To exploit the vulnerability requires some level of system access. Restricting access to the system will substantially reduce the risk from this and many other vulnerabilities.
As is always recommended for security, encourage users not to grant system access to non-trusted people, and to exercise caution opening email attachments, downloading and running executables, or performing other similar activities involving the Internet
This is machine translated content
Login to Subscribe
Please login to set up your
Would you like to be subscribed to future notifications for this article?
For security reasons, your link to this document has expired. Please click on the attachment link to access this file.
The attachment that you are looking for no longer exists.
There has been an issue retrieving your attachment. Please try again.
Currently server is down.
Didn't find the article you were looking for? Try these resources.