Symantec announces ActiveX vulnerability

By Richard Thurston, ZDNet UK
Monday, August 13, 2007 02:17 PM

Symantec has revealed details of a vulnerability in two ActiveX controls used in its Norton Windows antivirus software.

The vulnerability was reported by security research firm Secunia as "highly critical" and Symantec urged users to update their software immediately.

Norton AntiVirus 2006, Norton Internet Security 2006, Norton SystemWorks 2006 and Norton Internet Security 2005 AntiSpyware Edition are affected.

Symantec's corporate security software is not affected.

The problem in the ActiveX controls could allow a hacker to execute code on an affected PC.

It comes about because of an input validation error, which fails to analyse incoming data for malicious commands before executing them.

To exploit the vulnerability, hackers could send emails to users inviting them to click on a link to a website containing the exploit code, Symantec said.


WORTHWHILE?

0

0 votes
Blog

Talkback 0 comments

There are currently no comments for this post.


Tech Jobs Now!

Search for your ideal tech job:

News from Countries/Region

Release management: Unnecessary evil or Holy Grail?

Tech Management

Though organizations may dread these words, release management is an integral step throughout the software development process. Erica Henson explains more.


Read more »



Buying a projector? Try an LED TV instead

Blog thumbnail

If you're thinking of buying a new projector for your office meeting room, why not consider getting an LED TV instead. LED TVs are similar to LCD TVs except that..... by Lee Lup Yuen

Read more »

Tags

  1. attack
  2. authentication and encryption
  3. blog
  4. data security
  5. e - mail
  6. hacking
  7. internet
  8. malware
  9. microsoft corp.
  10. network
  11. network security
  12. pc security
  13. researcher
  14. security
  15. security management
  16. software
  17. spam and phishing
  18. symantec corp.
  19. viruses and worms
  20. web