Symantec Security Check Virus Detection COM Object Denial Of Service Vulnerability
BID:10069
Info
Symantec Security Check Virus Detection COM Object Denial Of Service Vulnerability
| Bugtraq ID: | 10069 |
| Class: | Failure to Handle Exceptional Conditions |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 07 2004 12:00AM |
| Updated: | Apr 07 2004 12:00AM |
| Credit: | Discovery of this issue is credited to "Rafel Ivgi, The-Insider" <[email protected]>. |
| Vulnerable: |
Symantec Security Check Virus Detection |
| Not Vulnerable: | |
Discussion
Symantec Security Check Virus Detection COM Object Denial Of Service Vulnerability
Symantec Virus Detection is a web based service that detects viruses and trojan horses. It is a freely available service that can be run via Microsoft Internet Explorer, Netscape Communicator or Apple Safari web browsers. The Symantec.SymVAFileQuery.1 is a COM object used by the service that is installed on a system only when the user of that system navigates to the Symantec Virus Detection site and initiates virus detection.
It has been reported that the Symantec Virus Detection Symantec.SymVAFileQuery.1 COM object is prone to a denial of service vulnerability. When the object is invoked with excessive data, the browser will crash.
Successful exploitation would immediately produce a denial of service condition in the affected browser. Although initially reported as a buffer overflow, this issue does not appear to present any threat of remote code execution.
It should be noted that the vulnerable object may not be invoked from scripts outside of the Symantec domain, however, vulnerabilities that permit malicious content to be executed in the context of the domain (such as HTML injection or cross-site scripting vulnerabilities as well as web browser security model issues) may still permit exploitation of this issue.
Symantec Virus Detection is a web based service that detects viruses and trojan horses. It is a freely available service that can be run via Microsoft Internet Explorer, Netscape Communicator or Apple Safari web browsers. The Symantec.SymVAFileQuery.1 is a COM object used by the service that is installed on a system only when the user of that system navigates to the Symantec Virus Detection site and initiates virus detection.
It has been reported that the Symantec Virus Detection Symantec.SymVAFileQuery.1 COM object is prone to a denial of service vulnerability. When the object is invoked with excessive data, the browser will crash.
Successful exploitation would immediately produce a denial of service condition in the affected browser. Although initially reported as a buffer overflow, this issue does not appear to present any threat of remote code execution.
It should be noted that the vulnerable object may not be invoked from scripts outside of the Symantec domain, however, vulnerabilities that permit malicious content to be executed in the context of the domain (such as HTML injection or cross-site scripting vulnerabilities as well as web browser security model issues) may still permit exploitation of this issue.
Exploit / POC
Symantec Security Check Virus Detection COM Object Denial Of Service Vulnerability
The following proof of concept has been provided:
The following proof of concept has been provided:
Solution / Fix
Symantec Security Check Virus Detection COM Object Denial Of Service Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
Symantec Security Check Virus Detection COM Object Denial Of Service Vulnerability
References:
References:
- Security Check (Symantec)
- Symantec Virus Detection(Free ActiveX) ("Rafel Ivgi, The-Insider"
) - Re: Symantec Virus Detection(Free ActiveX) - Remote Buffer Overflow, Apr 7 2004 (Sym Security
)