Signature Detail
Short Name |
HTTP:STC:ACTIVEX:NORTON-SYMSPAM |
|---|---|
Severity |
High |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Norton Internet Security symspam.dll Exploit Attempt |
Release Date |
2004/03/31 |
Update Number |
1213 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: Norton Internet Security symspam.dll Exploit Attempt
This signature detects attempts to exploit a known vulnerability against Norton Internet Security products. Attackers can provide an oversized URL to the LaunchCustomRuleWizard function, overflowing the buffer and enabling attackers to execute arbitrary commands.
Extended Description
Symantec Norton AntiSpam has been reported prone to a remotely exploitable buffer overrun vulnerability. This issue exists in the SymSpamHelper Class ActiveX component, which could be invoked from a web page or HTML e-mail with malformed parameters sufficient to trigger the condition. This could be exploited to execute arbitrary code with the privileges of the client user.
Affected Products
- Symantec Norton AntiSpam 2004
References
- BugTraq: 9916
- CVE: CVE-2004-0363
- URL: http://www.kb.cert.org/vuls/id/344718