qondio.com/NPSB PRINT EMAIL
Symantec Software Contains ActiveX Bugs Security firm Symantec has confirmed there are ActiveX flaws in its most popular consumer security software that could allow hackers to hijack the Windows PCs that the programs are supposed to protect. The vulnerabilities are found in several products, including Norton Antivirus (2006-2008), Norton Internet Security (2006-2008), Norton Systemworks (2006-2008) and Norton 360 version 1.0. Symantec analysts have cited the popularity of ActiveX bugs and, in comments about flaws within other company’s products, have urged caution when using the controls. Symantec confirmed the vulnerabilities in its own advisory, saying that attacks would only succeed from specially crafted sites. Symantec said it was unaware of any attempts to exploit these vulnerabilities. While it acknowledged the bugs, Symantec also downplayed the threat, stating “an attacker would need to be able to masquerade as the trusted Symantec Web site, such as through a cross-site scripting attack or DNS poisoning." Unfortunately, cross-scripting attacks have become more common and fooling a DNS server into thinking the bogus routing directions are authentic, although a little less common, is not unheard of. The flawed ActiveX control is used by Symantec's AutoFix tool, which is included with some of the company's software and may also be downloaded to a PC during a live chat with a Symantec technical support representative. AutoFix diagnoses PC problems and offers up solutions. Symantec has updated the affected consumer security software with new detection definitions designed to block any exploit of the ActiveX flaws, but will not automatically patch everyone's copy of the flawed control. A version of the AutoFix tool will be automatically installed if customers participate in an online Chat session with Symantec Technical Support or users can manually download and install a patched AutoFix from its Web site.

Contributed by Information Security on April 16, 2008, at 12:22 PM UTC.

PLEASE VISIT THE CONTRIBUTOR'S WEBSITE

Lexan Systems L.L.C. Information Security Consultants www.lexansystems.com

Reactions

No reactions yet.

Rate This Intel

Please login or sign up to rate this intel.

Comments

Please login or sign up to add a comment.

Share

Copyright Notice

The copyright for this content entitled "Symantec Software Contains ActiveX Bugs" has been specified by the contributor as:

All Rights Reserved

This content may not be copied, distributed or adapted by anyone under any circumstances.

Login Here with Any Email Address Any Password Remember login No account? Sign up.

Intel Contributor

This intel was contributed by Information Security Information Security

Qondio Archive

May, 2012 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 2008 January, February, March, April, May, June, July, August, September, October, November, December 2009 January, February, March, April, May, June, July, August, September, October, November, December 2010 January, February, March, April, May, June, July, August, September, October, November, December 2011 January, February, March, April, May, June, July, August, September, October, November, December 2012 January, February, March, April, May

Sign Up

Not a member yet? Qondio is a powerful network for making it online. If you have a website to promote, we can help. Sign up and get in on the action.

About Qondio

Welcome to Qondio! Discover the awesome power this network can deliver by going to our About page. Or you could skip straight to the Sign Up form.