|
|
Symantec AutoFix Tool ActiveX Control Remote Share 'launchProcess()' Insecure Method Vulnerability
An ActiveX control in the Symantec AutoFix Tool is prone to a vulnerability due to an insecure method. Attackers can leverage this issue to load an arbitrary file onto a victim's computer and then execute it with the privileges of the application running the control (typically Internet Explorer). This issue is exploitable only when a victim's computer is configured to allow remote connections to WebDav or SMB shares. Successful exploits will compromise affected computers. This issue affects the 'SYMADATA.DLL' 2.7.0.1 ActiveX control, which is part of the following Symantec products: Norton 360 1.0 Norton AntiVirus 2006-2008 Norton Internet Security 2006-2008 Norton System Works 2006-2008 |
|
Privacy Statement |