Symantec Norton AntiSpam SymSpamHelper Class Buffer Overrun Vulnerability
BID:9916
Info
Symantec Norton AntiSpam SymSpamHelper Class Buffer Overrun Vulnerability
| Bugtraq ID: | 9916 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2004-0363 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 19 2004 12:00AM |
| Updated: | Jul 12 2009 03:06AM |
| Credit: | Discovery is credited to Mark Litchfield. |
| Vulnerable: |
Symantec Norton AntiSpam 2004 |
| Not Vulnerable: | |
Discussion
Symantec Norton AntiSpam SymSpamHelper Class Buffer Overrun Vulnerability
Symantec Norton AntiSpam has been reported prone to a remotely exploitable buffer overrun vulnerability.
This issue exists in the SymSpamHelper Class ActiveX component, which could be invoked from a web page or HTML e-mail with malformed parameters sufficient to trigger the condition. This could be exploited to execute arbitrary code with the privileges of the client user.
Symantec Norton AntiSpam has been reported prone to a remotely exploitable buffer overrun vulnerability.
This issue exists in the SymSpamHelper Class ActiveX component, which could be invoked from a web page or HTML e-mail with malformed parameters sufficient to trigger the condition. This could be exploited to execute arbitrary code with the privileges of the client user.
Exploit / POC
Symantec Norton AntiSpam SymSpamHelper Class Buffer Overrun Vulnerability
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution / Fix
Symantec Norton AntiSpam SymSpamHelper Class Buffer Overrun Vulnerability
Solution:
Symantec has released advisory SYM04-005 relating to this issue. Please see the reference section for more information.
Fixes for this issue may be applied via LiveUpdate.
Solution:
Symantec has released advisory SYM04-005 relating to this issue. Please see the reference section for more information.
Fixes for this issue may be applied via LiveUpdate.
References
Symantec Norton AntiSpam SymSpamHelper Class Buffer Overrun Vulnerability
References:
References:
- SYM04-005 Symantec Norton Internet Security and Norton AntiSpam Remote Access... (Symantec)
- Norton AntiSpam Remote Buffer Overrun (#NISR19042004a) ("NGSSoftware Insight Security Research"