Symantec have owned up to a pretty serious bug in their Norton Internet Security application.

The bug relates to an ActiveX control that's shipped with Norton Personal Firewall 2004 and Norton Internet Security 2004.  This ActiveX control contains a vulnerability that could allow a hacker to run code on a remote PC.

Here are some details:

Details
CERT notified Symantec that a buffer overflow exists in an ActiveX Control used by Norton Personal Firewall. The error occurs in the Get() and Set() functions used by ISAlertDataCOM, which is part of ISLALERT.DLL. A successful exploit of this vulnerability could potentially allow the remote execution of code on a vulnerable system, with the rights of the logged-in user.

If you're still using Norton Personal Firewall 2004 or Norton Internet Security 2004 then you need to make sure that LiveUpdate is run and that you application is updated.

This entry was posted on Thursday, May 17th, 2007 at 19:20 and is filed under Stay Secure. You can follow any responses to this entry through the RSS 2.0 feed. Responses are currently closed, but you can trackback from your own site.