Date: 23 March 2004
Click here for printable version
Click here for PGP verifiable version
-----BEGIN PGP SIGNED MESSAGE-----
AUSCERT External Security Bulletin Redistribution
ESB-2004.0229 -- Symantec Security Advisory SYM04-005
Symantec Norton Internet Security and Norton AntiSpam Remote Access
23 March 2004
AusCERT Security Bulletin Summary
Product: Norton Internet Security
Operating System: Windows
Impact: Execute Arbitrary Code/Commands
Access Required: Remote
Comment: Symantec response to NGSSoftware Advisories NISR19042004a and
- --------------------------BEGIN INCLUDED TEXT--------------------
Symantec Security Advisory
19 March, 2004
Symantec Norton Internet Security and Norton AntiSpam Remote Access
NGSsoftware notified Symantec of a security vulnerability NGSsoftware had
found in the Symantec Norton Internet Security and Symantec Norton
AntiSpam 2004. If properly exploited this vulnerability could allow remote
execution of arbitrary code on a targeted system resulting in possible
Symantec Norton Internet Security 2004 and Professional for Windows
Symantec Norton AntiSpam 2004
Symantec was alerted to a remote access vulnerability that NGSsoftware
discovered while evaluating Symantec Norton Internet Security 2004 and
Symantec Norton AntiSpam 2004. Symantec Norton Internet Security and
Symantec Norton AntiSpam 2004 contain ActiveX components that do not do
proper bounds checking of external input. A malicious individual could
potentially exploit these weaknesses to launch a local application on the
target system and possibly run arbitrary code of their choice on the local
system with elevated privileges.
To do this successfully, the attacker would need to either entice the
targeted user to visit a location where the malicious code could be
launched or to download and launch the malicious code on their system.
Successful execution of these security issues could result in compromise
of the targeted system.
Symantec has verified the issues reported by NGSsoftware and released
patches for both Symantec Norton Internet Security and Symantec Norton
AntiSpam 2004 via Symantec LiveUpdate. Customers should run Symantec
LiveUpdate manually to ensure all installed Symantec products are fully
· Open any installed Symantec product
· Click on LiveUpdate in the toolbar
· Run LiveUpdate until all available Symantec product updates are
downloaded and installed
Symantec is unaware of any active exploits for or customer impact from
these issues. Symantec will continue to evaluate the issues.
As a part of normal best practices, Symantec recommends using a
multi-layered approach to security. Users, at a minimum, should run both
personal firewall and antivirus applications with current updates to
provide multiple points of detection and protection to both inbound and
Users should keep vendor-supplied patches for all application software and
operating systems up-to-date.
Users should further be wary of mysterious attachments and executables
delivered via email and be wary of visiting unknown/untrusted websites.
Do not open attachments or executables from unknown sources. Always err on
the side of caution.
Even if the sender is known, be wary of attachments if the sender does not
fully explain the attachment content in the body of the email. You do not
know the source of the attachment.
If in doubt, contact the sender before opening the attachment. If still in
doubt, delete the attachment without opening it.
Symantec has requested a Common Vulnerabilities and Exposures (CVE)
candidate name for these issues. We will revise this Advisory upon
This is a candidate for inclusion in the CVE list (http://cve.mitre.org),
which standardizes names for security problems.
Symantec appreciates the cooperation of Mark Litchfield and the
NGSsoftware research team in identifying this issue.
Symantec Product Security Contact:
Symantec takes the security and proper functionality of its products very
seriously. As founding members in the Organization for Internet Safety,
Symantec follows the process of responsible disclosure. Please contact
email@example.com if you feel you have discovered a potential or
actual security issue with a Symantec product.
Symantec strongly recommends using encrypted email for reporting
vulnerability information to firstname.lastname@example.org. The SymSecurity
PGP key may be obtained from the Symantec Security Response site.
Copyright (c) 2004 by Symantec Corp.
Permission to redistribute this alert electronically is granted as long as
it is not edited in any way unless authorized by Symantec Security
Response. Reprinting the whole or parts of this alert in any medium other
than electronically requires permission from email@example.com.
The information in the advisory is believed to be accurate at the time of
publishing based on currently available information. Use of the
information constitutes acceptance for use in an AS IS condition. There
are no warranties with regard to this information. Neither the author nor
the publisher accepts any liability for any direct, indirect, or
consequential loss or damage arising from use of, or reliance on, this
Symantec, Symantec products, and SymSecurity are registered trademarks of
Symantec Corp. and/or affiliated companies in the United States and other
countries. All other registered and unregistered trademarks represented in
this document are the sole property of their respective companies/owners.
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to firstname.lastname@example.org
and we will forward your request to the appropriate person.
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
If you believe that your computer system has been compromised or attacked in
any way, we encourage you to let us know by completing the secure National IT
Incident Reporting Form at:
Internet Email: email@example.com
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business
hours which are GMT+10:00 (AEST). On call after hours
for member emergencies only.
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----