Initial Publication Date: Advisory Status: Advisory Severity: CVSS Base Score:Legacy ID
19 Mar 2004 Closed High 7.5 SYM04-005
NGSsoftware notified Symantec of a security vulnerability NGSsoftware had found in the Symantec Norton Internet Security and Symantec Norton AntiSpam 2004. If properly exploited this vulnerability could allow remote execution of arbitrary code on a targeted system resulting in possible system compromise.
Symantec Norton Internet Security and Professional 2002, 2003, 2004
Symantec Norton Personal Firewall 2003, 2004
Symantec Norton AntiSpam 2004 Corporate:
Symantec Client Firewall 5.01, 5.1.1
Symantec Client Security 1.0
Symantec was alerted to remote access vulnerabilities that NGSsoftware discovered while evaluating Symantec Norton Internet Security 2004 and Symantec Norton AntiSpam 2004. Symantec Norton Internet Security and Symantec Norton AntiSpam 2004 contain ActiveX components that do not properly validate/parse external input. A malicious individual could potentially exploit these weaknesses to launch a local application on the target system and possibly run arbitrary code of their choice on the local system with elevated privileges.
To do this successfully, the attacker would need to either entice the targeted user to visit a location where the malicious code could be launched or to download and launch the malicious code on their system. Successful execution of these security issues could result in compromise of the targeted system.
The Common Vulnerabilities and Exposures (CVE) initiative has assigned the following Candidate names to these issues:
The Symantec Norton AntiSpam issue has been assigned CAN-2004-0363
The Symantec Norton Internet Security issue has been assigned CAN-2004-0364
These are candidates for inclusion in the CVE list (http://cve.mitre.org), which standardizes names for security problems.
Symantec verified the issue reported by NGSsoftware for Symantec Norton AntiSpam 2004 and Symantec Norton Internet Security 2004 and released a fix via Symantec LiveUpdate. Additional review determined the issue NGSsoftware reported for Symantec Norton Internet Security 2004 also impacted additional versions of Symantec Client Firewall products. Symantec product engineers developed fixes for the issue and released patches for all impacted products through Symantec LiveUpdate and technical support channels.
To update retail products via Symantec LiveUpdate, users should:
Open any installed Symantec product
Click on LiveUpdate in the toolbar
Run LiveUpdate until all available Symantec product updates are downloaded and installed
Customers running Symantec Client Firewall or Symantec Client Security should download and apply patches obtained through their appropriate support channels.
Symantec is not aware of any active attempts against or customer impact from this issue.
As a part of normal best practices, Symantec recommends using a multi-layered approach to security. Users, at a minimum, should run both personal firewall and antivirus applications with current updates to provide multiple points of detection and protection to both inbound and outbound threats.
Users should keep vendor-supplied patches for all application software and operating systems up-to-date.
Users should further be wary of mysterious attachments and executables delivered via email and be wary of visiting unknown/untrusted websites.
Do not open attachments or executables from unknown sources. Always err on the side of caution.
Even if the sender is known, be wary of attachments if the sender does not fully explain the attachment content in the body of the email. You do not know the source of the attachment.
If in doubt, contact the sender before opening the attachment. If still in doubt, delete the attachment without opening it.
Symantec appreciates the cooperation of Mark Litchfield and the NGSsoftware research team in identifying these issues
3/22/2004 - Added CVE Candidate names
4/19/2004 - Added information on additional affected products and fix availability
This is machine translated content
Login to Subscribe
Please login to set up your
Would you like to be subscribed to future notifications for this article?
For security reasons, your link to this document has expired. Please click on the attachment link to access this file.
The attachment that you are looking for no longer exists.
There has been an issue retrieving your attachment. Please try again.
Currently server is down.
Didn't find the article you were looking for? Try these resources.