On CBSNews.com: Can 365 Nights Of Sex Fix A Marriage?
BNET Business Network:
BNET
TechRepublic
ZDNet
35 TalkBacks

By Robert Lemos
Posted on ZDNet News: Mar 20, 2004 12:23:00 AM

A software component of Norton Internet Security could allow hackers to use the application as a backdoor into a person's computer system, security researchers warned Friday.

The flaw occurs in an ActiveX component used by security firm Symantec's flagship desktop security program, Norton Internet Security, according to an advisory published by research firm NGSSoftware. The security hole could be used to run an attack program that would then take control of the computer that the software was trying to protect.


Get Up to Speed on...
Enterprise security
Get the latest headlines and
company-specific news in our
expanded GUTS section.
"The attack can be achieved either by encouraging the victim to visit a malicious Web page or placing a script within...an HTML e-mail," the advisory stated.

Symantec's Antispam software has a similar issue caused by a different ActiveX component. ActiveX is a Microsoft technology for creating scripts, small programs that can add functionality to a computer or a Web site.

Symantec released fixes for the flaws that can be downloaded from its site, using LiveUpdate, the standard update mechanism included with the programs.

"To date, Symantec has not had any reports of any related exploits, and exploit code has not been posted, but we will continue to evaluate this issue," the company said in a statement sent to CNET News.com. "Symantec issued a fix on March 18 for customers to download via LiveUpdate."

Last December, Symantec fixed a problem that affected a small percentage of the more than 1.2 million users of the company's Norton Antivirus 2004, Norton Internet Security 2004, Norton Antispam 2004 and Norton SystemWorks 2004. For those customers, the applications would mistakenly ask for a product activation code every time a PC was rebooted, and eventually the program would become locked.

  • Talkback
  • Most Recent of 35 Talkback(s)
then again MS Java did have a few vulnerabilities
but it was linked to the os in ways real Java was not ment to be (Read the rest)
Posted by: JWatson77 Posted on: 03/24/04 You are currently: Logged In as: a Guest  | Login | Terms of Use
It figures  Squawkbox | 03/19/04
And want to come to a Linux box near you  FilledOut | 03/19/04
ActiveX was an exploit waiting to happen  Chad_z | 03/19/04
ActiveX exploits are why I'm using Firefox  jfrankcarr | 03/20/04
Don't assume you're safe ...  George Jay | 03/20/04
By you can assume your MUCH safer  David Mohring | 03/20/04
Well, now you're getting somewhere  jfrankcarr | 03/21/04
And people laughed...........  nite_w0lf | 03/19/04
Blame Norton  boxmonkey | 03/20/04
You have to use ActiveX in this case  jfrankcarr | 03/20/04
Active X for security?  michael-t | 03/20/04
Dogs and fleas  bjbrock | 03/20/04
Dogs and fleas  seosamh_z | 03/21/04
Re: Dogs & fleas  MammyNun | 03/23/04
But...  DragonBRockin | 03/20/04
Hey, where's No_Ax?  Chad_z | 03/20/04
Security Programs Becoming Major Infection Vector  Aphelion | 03/21/04
Re: Security Programs Becomming Major Infection Vector  GraysonPeddie | 03/22/04
virus authors  angrymuthu | 03/21/04
The .net Framework might be better...  GraysonPeddie | 03/21/04
The .net Framework might be better...  seosamh_z | 03/21/04
It's always the "next" version with MSFT  Chad_z | 03/21/04
It's always the "next" version with MSFT  seosamh_z | 03/22/04
.net is 10 years LATE  michael-t | 03/21/04
.net is 10 years LATE  seosamh_z | 03/22/04
MS and 'modern' technologies ....  michael-t | 03/22/04
Anybody notice...  Yen_z | 03/21/04
Substitute Java and ...  ShadeTree | 03/22/04
ActiveX is far more than scripting  jfrankcarr | 03/22/04
Mixing metaphors.  ShadeTree | 03/22/04
Sorry, but you are quite confused  jfrankcarr | 03/22/04
you mean jsp, lets be clear - not Sun Java  JWatson77 | 03/24/04
then again MS Java did have a few vulnerabilities  JWatson77 | 03/24/04
What Idiot Uses ActiveX for Security? Only Symantec...  brenthawkinsmd | 03/22/04
activex? lol  JWatson77 | 03/24/04

What do you think?

advertisement
advertisement

Managed Hosting

  • If the cost of building and managing a robust technology infrastructure is prohibitive for your small or mid-sized business (SMB), managed hosting may be worth another look. For help determining whether a managed or dedicated hosting solution makes sense for your business, read this informative blog post by Josh Hoskins.
  • From our sponsors
    Smart IT Investment
    Click Here
  • Fully-managed hosted IT solutions Complete hosted solutions tailored to your needs with no capital expenditures — the smart approach to IT investment Discover no-capex IT
  • The Planet
advertisement
Click Here