|
|
|
|
| |
Credit:
The information has been provided by iDefense Labs.
The original article can be found at: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=677
|
| |
Vulnerable Systems:
* Norton Internet Security 2008 version 2.7.0.1
Norton Internet Security 2008 installs the following ActiveX control which is registered as safe for scripting:
Clsid: 3451DEDE-631F-421c-8127-FD793AFC6CC8
File: C:\PROGRA~1\COMMON~1\SYMANT~1\SUPPOR~1\SymAData.dll
Version 2.7.0.1
This control contains an exploitable stack based buffer overflow.
Analysis:
Exploitation allows attackers to execute arbitrary code with the privileges of the currently logged in user. In order for exploitation to occur, an attacker would have to lure a vulnerable user to a malicious web site.
While this control is marked as safe for scripting, the control has been designed so that it can only be run from the "symantec.com" domain. In practice this requirement can be bypassed through the use of any Cross Site Scripting (XSS) vulnerabilities in the Symantec domain. Exploitation could also occur through the use of DNS poisoning attacks.
Workaround:
Setting the kill-bit for this control will prevent it from being loaded within Internet Explorer. However, doing so will prevent legitimate use of the control.
Vendor response:
Symantec has addressed this vulnerability by releasing updates. For more information, refer to their advisory at the following URL.
http://www.symantec.com/avcenter/security/Content/2008.04.02a.html
CVE Information:
CVE-2008-0312
Disclosure timeline:
12/05/2007 - Initial vendor notification
12/05/2007 - Initial vendor response
04/02/2008 - Coordinated public disclosure
|
|
|
|
|
