Symantec.Norton.Personal.Firewall.ActiveX.Buffer.Overflow
Description
Symantec Norton Personal Firewall has a vulnerability which could be exploited to cause a denial of service or take complete control of an affected system. There is a buffer overflow vulnerability in the "ISAlertDataCOM" ActiveX control, which is part of ISLALERT.DLL. The buffer overflow occurs when processing malformed arguments passed to the "Get()" and "Set()" functions. It could be leveraged to execute arbitrary code by enticing a victim to visit a specially crafted web page.
Affected Products
Symantec Norton Internet Security 2004
Symantec Norton Personal Firewall 2004
Impact
Denial of service.
Arbitrary code execution.
Recommended Actions
Fixes are available through LiveUpdate.
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |