Friday, August 10, 2007

Critical Symantec Flaw

An input validation error in two ActiveX controls used by Norton AntiVirus, Norton Internet Security, and Norton System Works could allow an attacker to execute code on the target system.

Affected Products

  • Norton AntiVirus 2006
  • Norton Internet Security 2006
  • Norton Internet Security, Anti-Spyware Edition 2005
  • Norton System Works 2006

Symantec was notified that two ActiveX controls supplied by NAVCOMUI.DLL do not properly validate input to two of their properties. This error could allow an attacker to crash Internet Explorer, or possibly run arbitrary code with the rights of the logged-in user.

How to Obtain the Update
Symantec Norton product users who regularly launch and run LiveUpdate should already have received an updated (non-vulnerable) version of NAVCOMUI.DLL.
However, to ensure all available updates have been applied, users can manually launch and run LiveUpdate in Interactive mode as follows:

  • Open any installed Norton product
  • Click on LiveUpdate in the GUI
  • Run LiveUpdate until all available product updates are downloaded and installed

Best Practices
Symantec recommends any affected customers update their product immediately to protect against potential attempts to exploit this vulnerability. As part of normal best practices, Symantec recommends the following:

  • Run under the principle of least privilege to limit the impact of exploits.
  • Keep all operating systems and applications updated with the latest vendor patches.
  • Follow a multi-layered approach to security. Run both firewall and antivirus software to provide multiple points of detection and protection from inbound and outbound threats.
  • Keep anti-virus definitions and IPS (firewall) signatures up to date.

Symantec Security Advisory