POProxy is the program used by Norton Antivirus to proxy POP3 mail collection, in order to identify hostile code (viruses, Trojans, etc) before it reaches the system. By default Norton Antivirus' POP3 scanning supports Qualcomm Eudora and Microsoft Outlook mail clients. Other mail client software may be configured to use the "Email Protection" feature of Norton Antivirus.
The POProxy program listens on all configured network interfaces on TCP port 110. The POProxy program crashes (stack/EIP overwritten) when 265+ characters are sent as the parameter to the "USER" command.
Note: When tested against POProxy on NT 4.0, this caused the Doctor Watson process to send CPU utilization to 100%.
Credit:
The information was provided by: Matt Conover.
It is recommended that you disable "Email Protection" in Norton Antivirus, until a workaround or patch is made available by the vendor.
To disable email protection go to:
Start->Programs->Norton AntiVirus->Norton AntiVirus 2000
Click on "Options", and under Email Protection, uncheck to Enable Email Protection box.
If disabling email protection is not an acceptable option, you may choose to implement a third-party firewalling product to disallow unauthorized connections to TCP port 110.
It also seems that the latest version of the product (which can be updated using the AutoUpdate feature of the product) stops this vulnerability from happening.
