The flaw occurs in an ActiveX component used by security firm Symantec's flagship desktop security program, Norton Internet Security, according to an advisory published by research firm NGSSoftware. The security hole could be used to run an attack program that would then take control of the computer that the software was trying to protect.
"The attack can be achieved either by encouraging the victim to visit a malicious Web page or placing a script within...an HTML e-mail," the advisory stated.
Symantec's Antispam software has a similar issue caused by a different ActiveX component. ActiveX is a Microsoft technology for creating scripts, small programs that can add functionality to a computer or a Web site.
Symantec released fixes for the flaws that can be downloaded from its site, using LiveUpdate, the standard update mechanism included with the programs.
"To date, Symantec has not had any reports of any related exploits, and exploit code has not been posted, but we will continue to evaluate this issue," the company said in a statement sent to CNET News.com. "Symantec issued a fix on March 18 for customers to download via LiveUpdate."
Last December, Symantec fixed a problem that affected a small percentage of the more than 1.2 million users of the company's Norton Antivirus 2004, Norton Internet Security 2004, Norton Antispam 2004 and Norton SystemWorks 2004. For those customers, the applications would mistakenly ask for a product activation code every time a PC was rebooted, and eventually the program would become locked.
Play video
There are currently no comments for this post.