Norton applications protect their own registry keys against actions by other applications.
The protection can be bypassed for the SuiteOwners key, allowing malicious DLLs to be loaded.
Credit:
The original article can be found at: http://www.matousec.com/info/advisories/Norton-DLL-faking-via-SuiteOwners-protection-bypass.php
Vulnerable Systems:
* Norton Personal Firewall 2006 version 9.1.0.33
* Other versions of Norton Personal Firewall 2006 and Norton Internet Security 2006 suspected.
Norton protects its own registry keys against actions of other applications. This protection can be bypassed for the registry key 'HKLM\SOFTWARE\Symantec\CCPD\SuiteOwners' using the API functions RegSaveKey and RegRestoreKey. This registry key is also used to store some important information, such as the names of libraries, for example 'NISProd.dll'. Using RegSaveKey and RegRestoreKey, a malicious application can modify values in 'SuiteOwners' so that Norton loads a fake library into its own processes. Malicious code in the fake library can manipulate any Norton component and thus bypass every security protection of Norton.
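Because the product's protection is tied to particular registry APIs, a check that compares the key's contents against a known-good export does not depend on which API made the change. The following is an added example, not code from the original advisory or from Symantec: it parses `reg query <key> /s` text and reports differences, and the subkey name, value names and sample data are constructed assumptions.

```python
import re

# Constructed `reg query <key> /s` text. The subkey and value names are
# hypothetical; only the key path and 'NISProd.dll' come from the advisory.
BASELINE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\CCPD\SuiteOwners\ExampleSuite
    ProductDll    REG_SZ    NISProd.dll
    DisplayName    REG_SZ    Example Suite
"""
CURRENT = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\CCPD\SuiteOwners\ExampleSuite
    ProductDll    REG_SZ    C:\Temp\NISProd.dll
    DisplayName    REG_SZ    Example Suite
"""

VALUE_RE = re.compile(r"^\s+(?P<name>.+?)\s+(?P<type>REG_[A-Z_]+)\s*(?P<data>.*)$")

def parse_reg_query(text):
    """Map (key path, value name) -> data for every value in the export."""
    values, key = {}, None
    for line in text.splitlines():
        if line.upper().startswith("HKEY_"):
            key = line.strip()
            continue
        m = VALUE_RE.match(line)
        if m and key:
            values[(key, m["name"])] = m["data"].strip()
    return values

def audit(baseline_text, current_text):
    """Return (kind, value name, old, new, tag) for every difference."""
    base, cur = parse_reg_query(baseline_text), parse_reg_query(current_text)
    findings = []
    for ident in sorted(base.keys() | cur.keys()):
        old, new = base.get(ident), cur.get(ident)
        if old == new:
            continue
        kind = "added" if old is None else "removed" if new is None else "changed"
        # A changed library name is the case the advisory warns about.
        is_dll = any(v and v.lower().endswith(".dll") for v in (old, new))
        findings.append((kind, ident[1], old, new,
                         "library-reference" if is_dll else "other"))
    return findings

if __name__ == "__main__":
    for finding in audit(BASELINE, CURRENT):
        print(finding)
```

The baseline export should be taken from a known-good installation and stored where the monitored host cannot rewrite it.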
Disclosure Timeline:
* 2006-08-21: Candidate for inclusion in the CVE list
* 2006-08-21: Vulnerability confirmed by popular information sources
* 2006-08-15: Advisory released
* 2006-08-15: Vendor notification
Subject: Norton bypass killer
Date: 18 Dec. 2006
From: jim
www.sub7world.com have released a Norton killer. Many people use Norton 03 because it autoupdates and is easy to download. Now all the systems are so at risk with this; nothing picks it up. BE WARNED!