Symantec has released details of a potential security threat in its 2006 products, involving ActiveX software provided by a third-party developer. Meanwhile, some users are apparently reporting problems with their subscriptions, as false warnings of expiry are issued.
The ActiveX flaw, which could be used to initiate a stack overflow and gain remote access to a machine running the vulnerable software, affects several products in Symantec's 2006 range, including Norton AntiVirus 2006 and Norton Internet Security 2006. The current 2007 range, including Norton 360, are not thought to be at risk, and no attempts to exploit the vulnerability have been observed.
Symantec has released detection for any potential exploits, and has provided details on how to check if software is vulnerable so that a patch can be applied, here. A Secunia alert on the issue is here.
View: Full Article @ Virus Bulletin
25 Comments - Add comment