TITLE: Symantec Support Tool ActiveX Control Vulnerabilities SECUNIA ADVISORY ID: SA22228
VERIFY ADVISORY: http://secunia.com/advisories/22228/ CRITICAL: Less critical IMPACT: Exposure of system information, System access WHERE: >From remote SOFTWARE: Symantec Automated Support Assistant http://secunia.com/product/12212/ Symantec Norton AntiVirus 2005 http://secunia.com/product/4009/ Symantec Norton AntiVirus 2006 http://secunia.com/product/6634/ Symantec Norton Internet Security 2005 http://secunia.com/product/4848/ Symantec Norton Internet Security 2006 http://secunia.com/product/6635/ Symantec Norton SystemWorks 2005 http://secunia.com/product/4847/ Symantec Norton SystemWorks 2006 http://secunia.com/product/6636/ DESCRIPTION: Some vulnerabilities have been reported in Support Tool ActiveX Control included in various Symantec products, which potentially can be exploited by malicious people to disclose system information or to compromise a vulnerable system. 1) An unspecified input validation error exists, which can be exploited to gain unauthorized access to system information. 2) An unspecified boundary error exist, which can be exploited to cause a stack-based buffer overflow and may allow execution of arbitrary code with privileges of the user running the browser. Successful exploitation requires spoofing of a trusted domain web site and to trick the user to click on a malicious link. The following products are affected: * Symantec Automated Support Assistant * Symantec Norton AntiVirus 2005, 2006 * Symantec Norton Internet Security 2005, 2006 * Symantec Norton SystemWorks 2005, 2006 SOLUTION: Norton AntiVirus, Norton Internet Security, Norton System Works: Apply latest updates via LiveUpdate. Automated Support Assistant: Update to the latest version. https://www-secure.symantec.com/techsupp/asa/install.jsp ORIGINAL ADVISORY: http://securityresponse.symantec.com/avcenter/security/Content/2006.10.05.html ============= PCWorks Mailing List ================= Don't see your post? Check our posting guidelines & make sure you've followed proper posting procedures, http://pcworkers.com/rules.htm Contact list owner <[EMAIL PROTECTED]> Unsubscribing and other changes: http://pcworkers.com =====================================================
