[NT] Norton Internet Security Remote Command Execution (WrapNISUM)
From: SecuriTeam (support_at_securiteam.com)
Date: 03/23/04
- Previous message: SecuriTeam: "[NT] ISS PAM ICQ Server Response Processing Vulnerability"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: list@securiteam.com Date: 23 Mar 2004 20:45:00 +0200
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion
The SecuriTeam alerts list - Free, Accurate, Independent.
Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html
- - - - - - - - -
Norton Internet Security Remote Command Execution (WrapNISUM)
------------------------------------------------------------------------
SUMMARY
"Symantec's <http://www.symantec.com/sabu/nis/nis_pe/> Norton Internet
Security 2004 Professional protects you and your business from online
threats. It eliminates viruses automatically, blocks hackers, safeguards
your personal information, fights SPAM, increases online productivity,
recovers lost or damaged files, and thoroughly deletes confidential data
you no longer need."
An ActiveX control bundled with Norton Internet Security suffers from a
bug that can easily be exploited to cause a stack based overflow upon
viewing a malicious webpage or email with a malicious script.
DETAILS
Vulnerable Systems:
* Norton Internet Security 2004
The WrapNISUM Class (c:\program files\Norton Internet Security
Professional\WrapUM.dll) is an ActiveX component that is installed with
Norton Internet Security. Using the LaunchURL method an attacker has the
ability to force the browser to run arbitrary executables on the target.
In a real world attack, this would more than likely take the form of a UNC
path. It's important to note here that on those windows operating systems
that support the WEBDAV redirector file system if the UNC path cannot be
reached over TCP port 139 or 445 it will switch to TCP Port 80 (HTTP).
The implication of this is that attackers can bypass firewalls under the
right circumstances.
Patch Availability:
A patch can be obtained from Symantec's LiveUpdate feature.
ADDITIONAL INFORMATION
The information has been provided by <mailto:nisr@nextgenss.com>
NGSSoftware Insight Security Research.
========================================
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com
====================
====================
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.
- Previous message: SecuriTeam: "[NT] ISS PAM ICQ Server Response Processing Vulnerability"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
