| Symantec Norton Products NAVCOMUI.DLL ActiveX Control Remote Code Execution Vulnerability |
|
Credit:
| Carsten Eiram of Secunia Research reported this issue to the vendor. |
|
Vulnerable:
|
Symantec Norton System Works 2006
Symantec Norton Internet Security 2006 0
Symantec Norton Internet Security 2005 Anti Spyware Edition 0
Symantec Norton AntiVirus 2006
|
|
Description:
|
Multiple Symantec Norton products are prone to a remote code-execution vulnerability. This issue occurs in an ActiveX control that is shared across multiple products.
Invoking the object from a malicious website or HTML email may trigger this condition. Successful exploits result in remote code-execution, facilitating the complete compromise of affected computers. Failed exploit attempts likely result in computer crashes.
The following products are vulnerable to this issue:
- Norton Antivirus 2006
- Norton Internet Security 2006
- Norton Internet Security, Anti Spyware Edition 2005
- Norton System Works 2006
|
| Exploit:
|
Currently SecuMania is not aware of any exploits for this issue.
If you are aware of more recent information, please mail us at: vul[at]SecuMania.org. |
|
Solution:
|
Symantec has released an advisory and fixes to address this issue. Users of affected packages should use the interactive LiveUpdate feature to obtain and apply fixes.
Please see the references for more information.
|
Subscribe to this comment's feed
Show/Hide comments
Show/Hide comment form