Intrusion Prevention

Norton.Symspam.dll.Buffer.Overflow

Description

This indicates a possible attempt to exploit a Buffer Overflow vulnerability in Symantec Norton AntiSpam.
The vulnerability is in the "SymSpamHelper Class" ActiveX control, which cannot properly handle overly long user supplied parameters. A remote attacker can exploit this to execute arbitrary code.

Affected Products

Symantec Norton AntiSpam 2004

Impact

System Compromise: Remote code execution.

Recommended Actions

Symantec has released a patch, as stated in the advisory SYM04-005, to address this vulnerability.

CVE References

CVE-2004-0363