In association with heise online

23 February 2007, 10:56

Symantec's controls for online support were a backdoor for attackers


Symantec has reported a security hole in a number of its products that allows attackers to gain control of a Windows PC. Buffer overflows can be triggered in SmartIssue (tgctlsi.dll) and ScriptRunner (tgctlsr.dll), two ActiveX controls from vendor SupportSoft that are part of Symantec's Automated Support Assistant for online support and troubleshooting. The flawed controls are found in Norton AntiVirus 2006, Norton Internet Security 2006 and Norton SystemWorks 2006.

For example, when a user visits a malicious web site, the server can inject code via the hole and execute it with the user's rights, for instance to infect the computer with a trojan. The controls should only interact with Symantec's sites, but Symantec says that the SiteLock function has also been improperly implemented, so that any web site can manipulate the controls.

An update has been released and is being distributed via LiveUpdate; it is also installed automatically when the vendor's support sites are visited with Internet Explorer. The 2007 versions of the consumer products are not affected, nor are any of the Enterprise products.
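To check whether the two controls named above are registered on a machine and whether Internet Explorer is allowed to instantiate them, an administrator could run an inventory like the following. It is an added example, not Symantec's or SupportSoft's code: the DLL names come from the article, while the function name is hypothetical and the use of the standard IE "ActiveX Compatibility" kill-bit key is an assumption about how one would verify exposure.

```powershell
# Added example. DLL names are from the article; Get-SupportSoftControl is a hypothetical name.
$dllNames = 'tgctlsi.dll', 'tgctlsr.dll'
$killBit  = 0x400   # "Compatibility Flags" bit that stops IE from loading a control

# Scan the native registry view and, on 64-bit Windows, the 32-bit view as well.
$roots = 'HKLM:\SOFTWARE', 'HKLM:\SOFTWARE\Wow6432Node' |
    Where-Object { Test-Path "$_\Classes\CLSID" }

function Get-SupportSoftControl {
    foreach ($root in $roots) {
        Get-ChildItem "$root\Classes\CLSID" -ErrorAction SilentlyContinue | ForEach-Object {
            $clsid = $_.PSChildName
            $sub   = $_.OpenSubKey('InprocServer32')
            if (-not $sub) { return }                      # not an in-process COM server
            $path = [string]$sub.GetValue('')              # default value holds the DLL path
            $sub.Close()
            if (-not $path) { return }
            $path = $path.Trim('"')
            if ($dllNames -notcontains (Split-Path $path -Leaf)) { return }

            # Kill bit lives under the matching registry view for this CLSID.
            $compat = "$root\Microsoft\Internet Explorer\ActiveX Compatibility\$clsid"
            $flags  = (Get-ItemProperty -LiteralPath $compat -Name 'Compatibility Flags' `
                          -ErrorAction SilentlyContinue).'Compatibility Flags'

            # File version is reported so it can be compared with the vendor's advisory.
            $version = if (Test-Path -LiteralPath $path) {
                (Get-Item -LiteralPath $path).VersionInfo.FileVersion
            } else { 'file missing' }

            [pscustomobject]@{
                Clsid       = $clsid
                Path        = $path
                FileVersion = $version
                KillBitSet  = (([int]$flags -band $killBit) -ne 0)
                View        = $root
            }
        }
    }
}

Get-SupportSoftControl | Format-Table -AutoSize
```

No output means neither DLL is registered as a COM server; a row with `KillBitSet` false means Internet Explorer can still load that control, so its file version should be checked against the update Symantec distributes.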
