Short Name | HTTP:STC:NORTON:LAUNCHURL-HTTP |
---|---|
Severity | High |
Recommended | Yes |
Recommended Action | Drop |
Category | HTTP |
Keywords | Norton Internet Security LaunchURL Exploit Attempt |
Release Date | 2004/03/31 |
Update Number | 1213 |
Supported Platforms | idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |

This signature detects attempts to exploit a known vulnerability in Norton Internet Security products. An attacker can pass an oversized URL to the LaunchURL function, overflowing the buffer and enabling the attacker to execute arbitrary commands.

Symantec firewall products such as Norton Internet Security, Norton Personal Firewall, Client Firewall and Client Security are prone to a vulnerability that may allow remote command execution. The vulnerability is exposed through the WrapNISUM Class ActiveX component, which may be invoked to launch a resource via a UNC path from a malicious web page or HTML e-mail. This resource would likely be a malicious attacker-supplied executable.