In association with heise online

10 August 2007, 12:16

Critical vulnerability in Norton Antivirus and Internet Security

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Symantec has revealed the presence of critical vulnerabilities in Norton AntiVirus 2006, Norton Internet Security 2006, Norton Internet Security - Anti Spyware Edition 2005 and Norton System Works 2006, which can be exploited by an attacker to gain control of a Windows PC. The problem is caused by two ActiveX controls (AxSysListView32 and AxSysListView32OAA in NAVCOMUI.DLL), in which unspecified errors occur when processing the AnomalyList and Anomaly objects. According to Secunia, these bugs allow code to be injected onto a computer and executed with the user's privileges. Visiting a crafted website is sufficient to become infected with malware via this vulnerability.

Symantec has released updates to fix the vulnerabilities. These have already been distributed via LiveUpdate. Users who have the automatic update system activated should therefore already be protected. Users who have deactivated LiveUpdate should initiate the update manually. Enterprise products are not affected.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit