Flaws Found in Two Symantec Apps

Norton AntiSpam and Norton Internet Security each have a flaw allowing an attacker to run code on remote machines; Symantec offers fixes.

Vulnerabilities weaken two of Symantec Corp.s more popular security applications, Norton AntiSpam and Norton Internet Security, researchers have found.

Both flaws enable attackers to run code on remote machines.

The two weaknesses, one in each product, are similar in that they both involve ActiveX controls. The vulnerability in Norton Internet Security and Norton Internet Security Professional affects an ActiveX component called WrapNISUM Class, which is marked safe for scripting.

However, the component allows attackers to use the LaunchURL command to run their own codes on target machines, according to NGSSoftware Ltd., the British security company that found the problems.

In order to execute the attack, someone would need to entice a user into opening a malicious HTML e-mail or visiting a Web site containing the attack code.

The flaw in Norton AntiSpam is nearly identical in scope and exploitation method, except it involves an ActiveX component called SymSpamHelper. An attacker could send a long parameter to the LaunchCustomRuleWizard command, which would cause a stack buffer overflow, NGSS said.

Symantec, based in Cupertino, Calif., has produced fixes for both of the problems, which are available via its LiveUpdate service.

/zimages/4/28571.gifCheck out eWEEK.coms Security Center at http://security.eweek.com for security news, views and analysis. Be sure to add our eWEEK.com security news feed to your RSS newsreader or My Yahoo page: /zimages/4/19420.gif http://us.i1.yimg.com/us.yimg.com/i/us/my/addtomyyahoo2.gif