Eddie_666 Posted May 31, 2004 Report Share Posted May 31, 2004 Segue boletin do SANS a respeito da vulnerabilidade. Para quem utiliza, é bom fazer um update.Symantec Norton Antivirus Remote Code ExecutionAffected: Norton Antivirus 2004Description: Symantec Norton Antivirus 2004, which is used by millionsof home users worldwide, contains a vulnerability that allows anattacker to execute arbitrary code on a client system. The problem liesin an ActiveX control used by the software, which does not sufficientlysanitize its user-supplied input. A malicious webpage or an HTML emailcan exploit this flaw to launch any executables already present on theclient system. Limited technical details regarding the flaw have beenposted.Status: Symantec has confirmed the flaw. Please use the "LiveUpdate"feature to upgrade the anti-virus software. Quote Link to comment Share on other sites More sharing options...
0 Nêutron Posted June 1, 2004 Report Share Posted June 1, 2004 traduzindo pelo alto:vulnerablidade blahblahblah num controle activex usado pelo soft, blabla, uma webpage ou email "malicioso" (ou seja, contendo um código q explora a falha, ou em outras palavras, um exploit) pode RODAR QUALQUER EXECUTÁVEL JÁ PRESENTE NO SSISTEMA [ótimo pra f**** seu sistema se você não usa firewall... hahahahaha]a symantec confirmou o bug, por favor atualizar com o liveupdate etc etc etc Quote Link to comment Share on other sites More sharing options...
Question
Eddie_666
Segue boletin do SANS a respeito da vulnerabilidade. Para quem utiliza, é bom fazer um update.
Symantec Norton Antivirus Remote Code Execution
Affected: Norton Antivirus 2004
Description: Symantec Norton Antivirus 2004, which is used by millions
of home users worldwide, contains a vulnerability that allows an
attacker to execute arbitrary code on a client system. The problem lies
in an ActiveX control used by the software, which does not sufficiently
sanitize its user-supplied input. A malicious webpage or an HTML email
can exploit this flaw to launch any executables already present on the
client system. Limited technical details regarding the flaw have been
posted.
Status: Symantec has confirmed the flaw. Please use the "LiveUpdate"
feature to upgrade the anti-virus software.
Link to comment
Share on other sites
1 answer to this question
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.