Members
  • Total Members: 12818
  • Latest: martin
Stats
  • Total Posts: 28536
  • Total Topics: 8240
  • Online Today: 1005
  • Online Ever: 51419
  • (01. January 2010., 10:27:49)












Author Topic: Symantec issues Active X warning on select Norton products  (Read 1915 times)

0 Members and 2 Guests are viewing this topic.

Samker

  • SCF Administrator
  • *****
  • Posts: 7206
  • KARMA: 291
  • Gender: Male
  • Whatever doesn't kill us makes us stronger.
    • SCforum.info - Samker's Computer Forum
Symantec, makers of several home security applications, issued an alert and patch to users who have Norton AntiVirus, Internet Security, or System Works 2005 or 2006 installed on their computers. The warning is related to an Active X control that is used by Symantec’s consumer products. Enterprise software is not affected by this vulnerability. If exploited the vulnerability could allow potential remote and local access to the target computer Symantec said.


“Symantec was notified by iDefense that a design error in NAVOPTS.DLL, an ActiveX control used by Norton AntiVirus, could potentially allow an attacker to crash the control if the end user visits a malicious web site. A successful exploit of NAVOPTS.DLL could then allow the attacker to access other Symantec ActiveX controls, even if they are not marked safe for scripting, possibly leading to remote arbitrary code execution in the context of the user's browser,” said a the company in a statement.

Engineers discovered the flaw after a report from iDefense alerted them to an issue. It was later discovered that the issue was limited to only consumer products, but the number of people who could be affected are just as large as their corporate user base.

The vulnerability is only exploited by visiting a malicious website. Some common methods to exploit the flaw Symantec said are though website redirection, malicious emails, and internal website functions such as hidden iframes.

To correct the issue, users need to run Live Update manually and the patch will be delivered. Warning about issues like this, Symantec gave some advice on how to mitigate such issues in the future. “Symantec strongly recommends a multi-layered approach to security,” the company said.

Listing such actions as keeping all operating systems and applications updated with the latest vendor patches. Being cautious when receiving attachments, executables, and web links through email, never open email from unknown senders. Email addresses can easily be spoofed so that a message appears to come from someone you know. If in doubt, contact the sender to confirm they sent it before opening attachments or following web links.

By Steve Ragan

Samker's Computer Forum - SCforum.info





 

With Quick-Reply you can write a post when viewing a topic without loading a new page. You can still use bulletin board code and smileys as you would in a normal post.

Name: Email:
Verification:
Type the letters shown in the picture
Listen to the letters / Request another image
Type the letters shown in the picture:
Second Anti-Bot trap, type or simply copy-paste below (only the red letters):www.scforum.info:

Enter your email address to receive daily email with 'SCforum.info - Samker's Computer Forum' newest content:

Terms of Use | Privacy Policy | Advertising