In association with heise online

18 May 2007, 09:04

Vulnerability in Norton Personal Firewall 2004

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Attackers may be able to exploit a vulnerability in Symantec's Norton Personal Firewall 2004 to inject arbitrary malicious code into vulnerable systems and execute it. The vendor says that the flaw in the ISAlertDataCOM ActiveX module (ISLALERT.DLL) can be exploited when specially crafted parameters are passed to the functions "Get()" and "Set()". Victims do, however, first have to visit a manipulated website using Internet Explorer for the attack to succeed.

Since the Personal Firewall is also part of Norton Internet Security Suite 2004, users of this package are vulnerable as well. Symantec says that later versions of the software are not affected. The vendor is providing updated modules that no longer contain the flaw via LiveUpdate. Those who do not have these updates automatically installed should launch LiveUpdate manually as soon as possible.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit