Signature Detail

HTTP: Norton AntiVirus 2004 ActiveX Denial of Service

This signature detects attempts to exploit a known vulnerability against Symantec's, Norton's AntiVirus Applauncher ActiveX controls. The ActiveX control does not validate external input correctly. Attackers can create a malicious HTML document that, when viewed by a user, activates the ActiveX component and causes a denial of service (DoS) against the user's AntiVirus software. Attackers can crash the target system or execute arbitrary code.

Extended Description

Symantec Norton AntiVirus is prone to a remote code execution vulnerability. This issue presents itself in an ActiveX control used by the application and could allow an attacker to execute arbitrary executables, launch URI pop-up windows, and carry out denial of service attacks against the antivirus application. Norton AntiVirus 2004 is prone to this vulnerability.

Affected Products

• Symantec Norton AntiVirus 2004

References

• BugTraq: 10392
• CVE: CVE-2004-0487
• URL: http://securityresponse.symantec.com/avcenter/security/Content/2004.05.20.html