Bardissi Enterprises Blog

Duo of ActiveX Flaws Afflict Symantec’s Norton Internet Security Suite

Severity: Medium

4 April, 2008

Summary:

  • These vulnerabilities affect: Symantec’s Internet Security Suite, and other Norton products (see Exposure section for details)
  • How an attacker exploits them: By enticing one of your users into visiting a malicious web site
  • Impact: An attacker can execute code on your user’s computer, with your user’s privileges
  • What to do: Force a LiveUpdate immediately to ensure that you have the latest versions of Norton software

Exposure:

In posts [ 1 / 2 ] to the Full-Disclosure mailing list, iDefense describes two security vulnerabilities that affect an ActiveX control which ships with Norton Internet Security Suite. The flaws also affect Norton 360, Norton AntiVirus, and Norton SystemWorks.

According to Symantec, symadata.dll is an ActiveX control used to help its support reps troubleshoot consumer products remotely. iDefense warns that this ActiveX control suffers from two security vulnerabilities. The first — and worst — involves a buffer overflow vulnerability. By enticing one of your users to a specially designed web page, an attacker could exploit this overflow to execute code on your user’s computer, with that user’s privileges. If you give your Windows users local administrator privileges, the attacker could leverage this vulnerability to gain complete control of their computers.

The second flaw involves a design issue. As we’ve mentioned, Symantec actually designed the symadata.dll ActiveX control to give support reps some control over remote computers, in order to help troubleshoot problems for consumers. As a security measure, Symantec designed the ActiveX control to run from the symantec.com domain only. However, attackers know many sneaky techniques (e.g. Cross-Site Scripting (XSS) attacks, DNS poisoning, etc.) that can help them trick your computer into thinking they are coming from a legitimate domain. By enticing one of your users to a specially crafted web site, and exploiting these techniques, an attacker can trick Symantec’s ActiveX control into running from the symantec.com domain, thus gaining complete access to the ActiveX control’s functionality. Among other things, this ActiveX control allows the attacker to load and execute code from a remote WebDAV or SMB share, potentially allowing them to gain control of your user’s computer.

Solution Path:

Symantec has released updates to fix these vulnerabilities. If you have enabled LiveUpdate, you should have received Symantec’s patch automatically. For more information about LiveUpdate:

You can also visit Symantec’s Autofix Tool page to receive the updated ActiveX control. (Ironically, you will have to allow Symantec to install and run an ActiveX control in order to get the update from this page.)
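To confirm what is actually installed after forcing LiveUpdate, the following PowerShell sketch (an added example, not code from Symantec, iDefense or the original advisory) looks for COM registrations that point at symadata.dll and reports the file version on disk and whether Internet Explorer's kill bit is set for the control. The advisory gives neither the control's CLSID nor the fixed version number, so the script discovers the CLSID by file name and only reports the version; the registry locations are the standard Windows COM and IE "ActiveX Compatibility" keys.

```powershell
# Added example: find where symadata.dll is registered as a COM/ActiveX control,
# report the file version on disk, and show whether IE's kill bit is set for it.
$dllName = 'symadata.dll'   # file name from the advisory
$killBit = 0x400            # "Compatibility Flags" bit that stops IE loading a control

# Standard COM registration and IE compatibility keys (native and 32-bit views).
$views = @(
    @{ Clsid  = 'HKLM:\SOFTWARE\Classes\CLSID'
       Compat = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility' },
    @{ Clsid  = 'HKLM:\SOFTWARE\WOW6432Node\Classes\CLSID'
       Compat = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility' }
)

$found = foreach ($view in $views) {
    if (-not (Test-Path -LiteralPath $view.Clsid)) { continue }
    foreach ($key in Get-ChildItem -LiteralPath $view.Clsid -ErrorAction SilentlyContinue) {
        # Skip keys we cannot open or that have no in-process server.
        try { $inproc = $key.OpenSubKey('InprocServer32') } catch { continue }
        if ($null -eq $inproc) { continue }
        $server = ([string]$inproc.GetValue('')).Trim('"')   # default value = DLL path
        $inproc.Close()
        if ($server -notlike "*\$dllName") { continue }

        $clsid  = $key.PSChildName
        $compat = Join-Path $view.Compat $clsid
        $flags  = 0
        if (Test-Path -LiteralPath $compat) {
            $flags = (Get-Item -LiteralPath $compat).GetValue('Compatibility Flags', 0)
        }
        $version = $null
        if (Test-Path -LiteralPath $server) {
            $version = (Get-Item -LiteralPath $server).VersionInfo.FileVersion
        }
        [pscustomobject]@{
            Clsid       = $clsid
            Path        = $server
            FileVersion = $version
            KillBitSet  = (($flags -band $killBit) -eq $killBit)
        }
    }
}

# Only machine-wide (HKLM) registrations are checked here.
if ($found) { $found | Format-List } else { "No registration of $dllName found under HKLM." }
```

Running it before and after a forced LiveUpdate shows whether the control's file version changed on a given machine.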

For All WatchGuard Users:

An attack exploiting this flaw arrives as seemingly normal HTTP traffic, which you must allow through your Firebox in order for your users to browse the web. Apply the patches above.

Status:

Symantec has released updates to fix these vulnerabilities.
