Full Version: Flaw Stymies Norton Internet Security
deathangel
from neowin.net

A software component of Norton Internet Security could allow hackers to use the application as a backdoor into a person's computer system, security researchers warned Friday.

The flaw occurs in an ActiveX component used by security firm Symantec's flagship desktop security program, Norton Internet Security, according to an advisory published by research firm NGSSoftware. The security hole could be used to run an attack program that would then take control of the computer that the software was trying to protect. "The attack can be achieved either by encouraging the victim to visit a malicious Web page or placing a script within...an HTML e-mail," the advisory stated. Symantec's Antispam software has a similar issue caused by a different ActiveX component. ActiveX is a Microsoft technology for creating scripts, small programs that can add functionality to a computer or a Web site.


http://news.com.com/2100-7355_3-5176442.ht...ml?tag=nefd_top
Moore
######################################################################

Symantec Internet Security ActiveX Component Arbitrary File Execution

######################################################################

http://secunia.com/advisories/11168/

Secunia Advisory: SA11168
Release Date: 2004-03-19
Last Update: 2004-03-26

Critical: Highly critical
Impact: System access
Where: From remote

Software:
Norton Internet Security 2004
Norton Internet Security 2004 Professional

Description:
NGSSoftware has discovered a vulnerability in Norton Internet Security 2004, which can be exploited by malicious people to compromise a user's system.

The "LaunchURL" method in the "WrapNISUM Class" (WrapUM.dll) ActiveX component makes it possible to run arbitrary executables from remote locations. This can be exploited to execute arbitrary code on a user's system by tricking the user into viewing a malicious HTML document (e.g. by visiting a website or viewing an HTML-based email).

Solution:
A patch is reportedly available via the LiveUpdate feature.

Provided and/or discovered by:
Mark Litchfield, NGSSoftware.

Changelog:
2004-03-20: Added link to vendor advisory.
2004-03-26: Added link to US-CERT vulnerability notes.

Original Advisory:
Symantec:
http://www.sarc.com/avcenter/security/Cont...2004.03.19.html

NGSSoftware:
http://www.nextgenss.com/advisories/nisrce.txt

Other References:
US-CERT VU#549054:
http://www.kb.cert.org/vuls/id/549054



Please note: The information, which this Secunia Advisory is based upon, comes from a third party unless stated otherwise.

Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.

Found: 2 Related Secunia Security Advisories


- Symantec Automatic LiveUpdate Privilege Escalation Vulnerability
- Norton Internet Security Blocked Site Cross-Site Scripting Vulnerability


##############################################################################