Norton Antivirus and Norton 360 Vulnerable - Patch Inside!

Symantec is one of the most powerful security companies on the market, providing an impressive number of products installed on millions of computers around the world. But what happens if there's a vulnerability in one of its solutions? This means that a huge number of
users instantly become defenseless to attacks and Symantec's employees have to struggle to keep them on the safe side. This is exactly what happened a few days ago when two vulnerabilities were reported in an ActiveX control, multiple products being affected.

Norton 360 at work

Article: Norton Antivirus and Norton 360 Vulnerable - Patch Inside!
Comments: Norton 360 at work

Among the damaged solutions, we can mention Norton 360 1.0, Norton Antivirus 2006-2008, Norton Internet Security 2006-2008 and Norton System Works 2006-2008, all of them for the Windows platform. Norton 360 2.0, Norton Antivirus for Macintosh, Norton Internet Security for Mac, Norton Personal Firewall for Mac and Norton Smartphone Security for Windows are all secure.

Symantec has already confirmed the vulnerabilities and provided details for both of them:

1. The first, reported by Peter Vreugdenhill, is a stack based buffer overflow which could allow a successful attacker to run code of their choice in the context of the user’s browser. The user must be enticed to visit a malicious website masquerading as a trusted Symantec site before an attack can be launched.

2. The second occurs due to a design error in the process used to look for and launch the AutoFix Tool. If successfully exploited, an attacker could load and execute code of their choice from a remote share. However, this can occur only if the target system (user’s system) is configured to allow access to remote shares via WebDav or SMB.

In order to patch your vulnerable security software provided by Symantec (please check that your product is among the vulnerable ones), click on this link and follow the instructions provided by the security company.

[Source: softpedia]