• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Symantec AutoFix Support Tool 'SYMADATA.DLL' ActiveX Control Remote Buffer Overflow Vulnerability

Symantec AutoFix Support Tool ActiveX control is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input.

An attacker can exploit this issue to execute arbitrary code in the context of an application using the ActiveX control (typically Internet Explorer). Failed attacks will likely cause denial-of-service conditions.

NOTE: To exploit this issue, an attacker must entice an unsuspecting victim to to visit a malicious website masquerading as a trusted Symantec site.

This issue affects 'SYMADATA.DLL' 2.7.0.1 ActiveX control, which is part of the following Symantec products:

Norton 360 1.0
Norton AntiVirus 2006-2008
Norton Internet Security 2006-2008
Norton System Works 2006-2008