Symantec suffers ActiveX and licensing problems

Symantec has released details of a potential security threat in its 2006 products, involving ActiveX software provided by a third-party developer. Meanwhile, some users are apparently reporting problems with their subscriptions, as false warnings of expiry are issued.

The ActiveX flaw, which could be used to initiate a stack overflow and gain remote access to a machine running the vulnerable software, affects several products in Symantec's 2006 range, including Norton AntiVirus 2006 and Norton Internet Security 2006. The current 2007 range, including Norton 360, are not thought to be at risk, and no attempts to exploit the vulnerability have been observed.

Symantec has released detection for any potential exploits, and has provided details on how to check if software is vulnerable so that a patch can be applied, here. A Secunia alert on the issue is here.

View: Full Article @ Virus Bulletin

Report a problem with article
Previous Story

Man charged with uploading movie to Web

Next Story

Free Sophos Anti-Virus 4.15

25 Comments

Commenting is disabled on this article.

I have had only 1 problem with symantec software, of which I pointed it and they corrected the problem.

They did not give me a big bunch of flowers though which was a bit of a bomb to say the least.

ha ha

Well you have to be a complete Donkey if you cannot install NIS2007 and the add-on pack.

I have been using it for some time and not a problem, doesn't lag my system nor does it crash my system.

It's not down to luck it's to do with following the install instructions.

leesmithg said,
It's not down to luck it's to do with following the install instructions.

Nice to know that there are some people out there that it still works for. Since following Symantec's install instructions did not work, I'm guessing that either their techs are dead and gone, or guess what, the software has gone to h-e-l-l. Wish it was as simple as following instructions. Heh!

The activation thing is getting to be really old here, btw Kaspersky KIS is a vast performance improvement as an out of desperation install proved.

Anyway, 5 of my friends decided to upgrade their OEM NIS installs to the latest 2007 version.

Two decided that the brand new install of NIS2007 was actually NIS2006 and refused to show a valid current subscription after total removal with the "Norton Removal Tool" and reinstallation the computers had the same problem. Called Symantec Tech support and guess what, they had me run NRT again and reinstall, and then some other ff stuf that was supposed to make the NIS2007 install reread its subscription information off Symantec's servers. There is something inherently lame in this stuff, the tech had me do some diagnostic and NIS, despite the complete removal, left some piece of krap somewhere that convices the brand new install and it's interaction with the activation server that a version of NIS2006 is what is asking for activation and proceeds to cheat you out of a year's worth of subscription. On these two computers, the tech finally told me to charge back the credit card on both as we could not make NIS2007 work on them.

Another friend bought NIS2007 online and tried to install it herself (simple enough, this isn't rocket science, it should just darn well work). It came up with the same stupid your subscription is expired, you need to purchase a year's subscription. I ran NRT and it actually found the seat of its pants with both hands and a flashlight upon the next install and reported that I had a year's worth of subscription.

One took 20 minutes to reboot after installation, did a complete NRT uninstall and reinstall. Finally removed it, told this friend to do a chargeback and we found something else (same NIS features, different brand) that amazingly made her computer run faster than from when she had NIS2005 installed. Wow!

One actually seemed to go through the install with a minor hiccup and ran with the usual performance decrease that every new version of NIS brings about, but, it actually ran without the NRT nuke from orbit option.

After being a loyal customer since DOS, I can say that "The Symantec Overlords" have finally cut out Peter Norton's heart, roasted it on a spit and eaten it. No longer can Norton anything be trusted to be useable.

Installing any Symantec product on any computer results in vulnerabilities. I'm writing those things too often, Lately. Must be a good year for them.

Yet more security problems from a security company, yet they still have the nerv to slam everyone else for not being able to do security right.

GP007 said,
Yet more security problems from a security company, yet they still have the nerv to slam everyone else for not being able to do security right.
Indeed. At least they aren't blaming this on Microsoft.

Jesus guys, read:

involving ActiveX software provided by a third-party developer.

Third party.

They even got a patch for it, much faster than Microsoft usually puts out. At least users didn't have to wait for the 'Tuesday of the Month' release for it.

Amodin said,
Jesus guys, read:

Third party.

They even got a patch for it, much faster than Microsoft usually puts out. At least users didn't have to wait for the 'Tuesday of the Month' release for it.

I never said they weren't blaming it on someone else. I said they aren't blaming this on Microsoft -- which they are not.

Amodin said,
Jesus guys, read:

Third party.

They even got a patch for it, much faster than Microsoft usually puts out. At least users didn't have to wait for the 'Tuesday of the Month' release for it.


Actually if an exploit is serious enough Microsoft doesn't wait for patch Tuesday.

Danrarbc said,
Actually if an exploit is serious enough Microsoft doesn't wait for patch Tuesday.

Patch Tuesday only exists because people bitched in the past that the updates were too frequest and people complaing because they're not frequest enough. Not directed to you by the way.

And when Apple reports a problem, someone goes "Ha!"... And when Microsoft reports a problem, someone goes "Ha!"...

The immaturity gets old.

markjensen said,
And when Apple reports a problem, someone goes "Ha!"... And when Microsoft reports a problem, someone goes "Ha!"...

The immaturity gets old.

I think people laugh because these giant corporations promise you the world, but then fail miserably to deliver. Then you have some lone freeware author put out something 1000 oompa loompa cubicle drones with millions in funding couldn't build for some unknown reason.

One great example is Mark Russinovich. I can't believe that after over a decade, MS couldn't make a decent task manager, startup manager, and port monitor tool. Yet Mark built all of them by himself and dozens of other useful tools MS couldn't be bothered to make, or make properly, or even realize they should make.

There's no excuse for that kind of ineptitude by a billion-$$$ corporation. Symantec suffers from the same problem. The industry would be better off without them--if they don't change their arrogant, greedy ways.

> I can't believe that after over a decade, MS couldn't make a decent task manager, startup manager,
> and port monitor tool. Yet Mark built all of them by himself and dozens of other useful tools MS couldn't be
> bothered to make, or make properly, or even realize they should make.

The fact that they don't make them public doesn't mean they lack the ability to make their own internal versions of these tools.

_dandy_ said,
> I can't believe that after over a decade, MS couldn't make a decent task manager, startup manager,
> and port monitor tool. Yet Mark built all of them by himself and dozens of other useful tools MS couldn't be
> bothered to make, or make properly, or even realize they should make.

The fact that they don't make them public doesn't mean they lack the ability to make their own internal versions of these tools.


Toadeater is 100% right, and there is no arguing about that. We pay arm and leg for MS software and other tools to make it less vulnerable and more feature-rich. They are obliged to put out the best (I was sick of seeing the clock.avi file in XP's Windows folder when it came out) - obliged in a free competitive market, that is. Now, if that doesn't happen for 10 fricken years, where the F is the progress and innovation MS is bragging about?