Short Name |
HTTP:STC:ACTIVEX:NORTON-SYMSPAM |
---|---|
Severity |
Major |
Recommended |
No |
Category |
HTTP |
Keywords |
Norton Internet Security symspam.dll Exploit Attempt |
Release Date |
2004/03/31 |
Update Number |
1213 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
This signature detects attempts to exploit a known vulnerability against Norton Internet Security products. Attackers can provide an oversized URL to the LaunchCustomRuleWizard function, overflowing the buffer and enabling attackers to execute arbitrary commands.
Symantec Norton AntiSpam has been reported prone to a remotely exploitable buffer overrun vulnerability. This issue exists in the SymSpamHelper Class ActiveX component, which could be invoked from a web page or HTML e-mail with malformed parameters sufficient to trigger the condition. This could be exploited to execute arbitrary code with the privileges of the client user.