Vulnerability in Norton Personal Firewall 2004
Attackers may be able to exploit a vulnerability in Symantec's Norton Personal Firewall 2004 to inject arbitrary malicious code into vulnerable systems and execute it. The vendor says that the flaw in the ISAlertDataCOM ActiveX module (ISLALERT.DLL) can be exploited when specially crafted parameters are passed to the functions "Get()" and "Set()". Victims do, however, first have to visit a manipulated website using Internet Explorer for the attack to succeed.
Since the Personal Firewall is also part of Norton Internet Security Suite 2004, users of this package are vulnerable as well. Symantec says that later versions of the software are not affected. The vendor is providing updated modules that no longer contain the flaw via LiveUpdate. Those who do not have these updates automatically installed should launch LiveUpdate manually as soon as possible.
See also:
(mba)