funsec mailing list archives

Another security product opens up customers to system takeovers


From: "Richard M. Smith" <rms () computerbytesman com>
Date: Thu, 9 Aug 2007 22:07:25 -0400

http://www.frsirt.com:80/english/advisories/2007/2822
 
A vulnerability has been identified in various Symantec products, which
could be exploited by remote attackers to cause a denial of service or take
complete control of an affected system. This issue is caused by a buffer
overflow error in the "AxSysListView32" and "AxSysListView32OAA"
(NavComUI.dll) ActiveX controls when processing malformed "AnomalyList" and
"Anomaly" properties, which could be exploited by remote attackers to
execute arbitrary code by tricking a user into visiting a specially crafted
web page.

Affected Products

Symantec Norton AntiVirus 2006
Norton Internet Security Anti Spyware Edition 2005
Symantec Norton Internet Security 2006
Symantec Norton SystemWorks 2006 

Solution

Patches are available via LiveUpdate in Interactive Mode. 

References

http://www.frsirt.com/english/advisories/2007/2822
http://securityresponse.symantec.com/avcenter/security/Content/2007.08.09.html
http://secunia.com/secunia_research/2007-53/advisory
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
