---------------------------------------------------------------------- Want to work within IT-Security? Secunia is expanding its team of highly skilled security experts. We will help with relocation and obtaining a work permit. Currently the following type of positions are available: http://secunia.com/hardcore_disassembler_and_reverse_engineer/ ---------------------------------------------------------------------- TITLE: Symantec Support Tool ActiveX Control Vulnerabilities SECUNIA ADVISORY ID: SA22228 VERIFY ADVISORY: http://secunia.com/advisories/22228/ CRITICAL: Less critical IMPACT: Exposure of system information, System access WHERE: >From remote SOFTWARE: Symantec Automated Support Assistant http://secunia.com/product/12212/ Symantec Norton AntiVirus 2005 http://secunia.com/product/4009/ Symantec Norton AntiVirus 2006 http://secunia.com/product/6634/ Symantec Norton Internet Security 2005 http://secunia.com/product/4848/ Symantec Norton Internet Security 2006 http://secunia.com/product/6635/ Symantec Norton SystemWorks 2005 http://secunia.com/product/4847/ Symantec Norton SystemWorks 2006 http://secunia.com/product/6636/ DESCRIPTION: Some vulnerabilities have been reported in Support Tool ActiveX Control included in various Symantec products, which potentially can be exploited by malicious people to disclose system information or to compromise a vulnerable system. 1) An unspecified input validation error exists, which can be exploited to gain unauthorized access to system information. 2) An unspecified boundary error exist, which can be exploited to cause a stack-based buffer overflow and may allow execution of arbitrary code with privileges of the user running the browser. Successful exploitation requires spoofing of a trusted domain web site and to trick the user to click on a malicious link. The following products are affected: * Symantec Automated Support Assistant * Symantec Norton AntiVirus 2005, 2006 * Symantec Norton Internet Security 2005, 2006 * Symantec Norton SystemWorks 2005, 2006 SOLUTION: Norton AntiVirus, Norton Internet Security, Norton System Works: Apply latest updates via LiveUpdate. Automated Support Assistant: Update to the latest version. https://www-secure.symantec.com/techsupp/asa/install.jsp PROVIDED AND/OR DISCOVERED BY: The vendor credits John Haesman, Next Generation Security Research. ORIGINAL ADVISORY: http://securityresponse.symantec.com/avcenter/security/Content/2006.10.05.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------