---------------------------------------------------------------------- BETA test the new Secunia Personal Software Inspector! The Secunia PSI detects installed software on your computer and categorises it as either Insecure, End-of-Life, or Up-To-Date. Effectively enabling you to focus your attention on software installations where more secure versions are available from the vendors. Download the free PSI BETA from the Secunia website: https://psi.secunia.com/ ---------------------------------------------------------------------- TITLE: Symantec Products NavComUI ActiveX Control Code Execution SECUNIA ADVISORY ID: SA25215 VERIFY ADVISORY: http://secunia.com/advisories/25215/ CRITICAL: Highly critical IMPACT: System access WHERE: >From remote SOFTWARE: Symantec Norton SystemWorks 2006 http://secunia.com/product/6636/ Symantec Norton Internet Security 2006 http://secunia.com/product/6635/ Symantec Norton Internet Security 2005 http://secunia.com/product/4848/ Symantec Norton AntiVirus 2006 http://secunia.com/product/6634/ DESCRIPTION: Secunia Research has discovered two vulnerabilities in various Symantec products, which can be exploited by malicious people to compromise a user's system. The vulnerabilities are caused due to errors in the AxSysListView32 and AxSysListView32OAA ActiveX controls (NavComUI.dll) when handling the "AnomalyList" and "Anomaly" properties respectively as they take a VARIANT* as argument. Successful exploitation allows execution of arbitrary code. The vulnerabilities have been confirmed in Norton Internet Security 2006 including Norton AntiVirus 12.7.0.2. According to the vendor, the following versions are affected: * Norton AntiVirus 2006 * Norton Internet Security 2006 * Norton Internet Security, Anti Spyware Edition 2005 * Norton System Works 2006 SOLUTION: The vendor has issued a fix, which is available via LiveUpdate in Interactive Mode. PROVIDED AND/OR DISCOVERED BY: Carsten Eiram, Secunia Research. ORIGINAL ADVISORY: Secunia Research: http://secunia.com/secunia_research/2007-53/ Symantec: http://www.symantec.com/avcenter/security/Content/2007.08.09.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------