Symantec ActiveX Control Remote Share Vulnerability
An ActiveX control in the Symantec AutoFix Tool is prone to a vulnerability due to an insecure method.
Attackers can leverage this issue to load an arbitrary file onto a victim’s computer and then execute it with the privileges of the application running the control (usually Internet Explorer). This issue is exploitable only when a victim’s computer is configured to allow remote connections to WebDav or SMB shares.
Successful exploits will compromise affected computers and allow attackers control over the machine.
This issue affects ‘SYMADATA.DLL’ version 2.7.0.1 ActiveX control, which is part of the following Symantec products:
Symantec Norton SystemWorks 2008
Symantec Norton SystemWorks 2007
Symantec Norton SystemWorks 2006
Symantec Norton Internet Security 2008
Symantec Norton Internet Security 2007
Symantec Norton Internet Security 2006
Symantec Norton Antivirus 2008
Symantec Norton Antivirus 2007
Symantec Norton AntiVirus 2006
Symantec Norton 360 1.0
Symantec released an advisory and fixes to address this issue. Users of affected packages can use the interactive LiveUpdate feature to obtain and apply fixes or visit https://www-secure.symantec.com/techsupp/asa/install.jsp
References:
Microsoft Knowledge Base article 240797
Norton Product Page
SYM08-009 Symantec AutoFix Support Tool ActiveX Control Vulnerabilities
Currently we are not aware of any working exploits. If you know of any or if you are aware of more recent information, please comment.
More on CyberInsecure:
Leave a Reply
Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.