Symantec has fixed a serious vulnerability with an ActiveX control used by Norton Personal Firewall 2004 and Norton Internet Security 2004 that could allow a hacker to execute code remotely on a vulnerable system.
According to Symantec officials, the company was notified of the problem by US-CERT. A buffer overflow can be triggered by an error that occurs in the Get () and Set () functions used by ISAlertDataCOM, part of ISLALERT.DLL. Successfully exploiting this vulnerability would allow an attacker to remotely execute malicious code on an unpatched system and give them the rights of the logged-in user, Symantec officials said.
eWeek Magazine
Reply With Quote