Title: Symantec AutoFix Tool ActiveX Control Remote Share 'launchProcess()' Insecure Method Vulnerability
Severity: HIGH
Description:
The Symantec AutoFix Tool is a technical-support application that scans a user's computer for possible errors affecting Norton products and provides the user with options for addressing any errors that are discovered.
The application's 'SYMADATA.DLL' ActiveX control library is prone to a vulnerability due to an error in the 'launchProcess()' method. The control is identified by CLSID: 3451DEDE-631F-421C-8127-FD793AFC6CC8.
Attackers can leverage this issue to load an arbitrary file onto a victim's computer and then execute it with the privileges of the application running the control (typically Internet Explorer). This issue is exploitable only when a victim's computer is configured to allow remote connections to WebDav or SMB shares.
Successful exploits will compromise affected computers.
This issue affects the 'SYMADATA.DLL' 2.7.0.1 ActiveX control, which is part of the following Symantec products:
Norton 360 1.0
Norton AntiVirus 2006-2008
Norton Internet Security 2006-2008
Norton System Works 2006-2008
Affected Products:
- Symantec Norton 360 1.0
- Symantec Norton AntiVirus 2006
- Symantec Norton Antivirus 2007
- Symantec Norton Antivirus 2008
- Symantec Norton Internet Security 2006
- Symantec Norton Internet Security 2007
- Symantec Norton Internet Security 2008
- Symantec Norton SystemWorks 2006
- Symantec Norton SystemWorks 2007
- Symantec Norton SystemWorks 2008
References:
- Microsoft: Microsoft Knowledge Base Article 240797
- Symantec: Norton Product Page
- Symantec: SYM08-009 Symantec AutoFix Support Tool ActiveX Control Vulnerabilities
- iDefense: Symantec Internet Security 2008 ActiveDataInfo.LaunchProcess Design Error Vulner
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
