|
|
|
|
| |
Symantec's Norton Internet Security 2003 "provides essential protection from viruses, hackers, and privacy threats. Powerful yet easy to use, this award-winning suite now includes advanced spam-fighting software to filter unwanted mail out of your inbox".
A cross site scripting vulnerability in the product allows remote attackers to cause the product to return arbitrary HTML and/or JavaScript inside its Blocked HTML page as if it was the product's HTML and/or JavaScript. |
| |
Credit:
The information has been provided by DigitalPranksters.
|
| |
Vulnerable systems:
* Norton Internet Security 2003 version 6.0.4.34
When Norton Internet Security 2003 blocks a web site, it returns a web page to the browser stating that the site has been blocked. This error message contains the URL that was requested. Norton Internet Security 2003 appears to do no validation or encoding of the URL before returning it in the error message. This allows an attacker to supply a URL that contains script. This script will run in the context of the blocked site.
The HTML returned by Norton Internet Security 2003 when a site is blocked looks like the following:
< html>< head>< title>Site Blocked</title></head><body>
< br>< b>Norton Internet Security has blocked access to this restricted site.</b><br><hr><br>
< p>< b>Site:
</b>http://server/page.cgi?< SCRIPT>alert(document.domain)</SCRIPT></p>
< p>< b>Blocked categories: </b>xxxxxxxxx</p>
< p>If you think this web site is incorrectly categorized, visit the Symantec < a
href="http://www.symantec.com/avcenter/cgi-bin/nisurl.cgi?lang=EN&unblock=xxxxxxxxx">Internet
Security Center</a> to report it.</p>
</body></html>
Exploit:
A URL like http://BlockedSite/page.cgi?< SCRIPT>alert(document.domain)</SCRIPT> will run script.
Resolution:
The fix is now available through the product's LiveUpdate functionality.
|
|
|
|
|
|
|
