HTTP: Norton AntiVirus 2004 ActiveX Denial of Service
This signature detects attempts to exploit a known vulnerability against Symantec's, Norton's AntiVirus Applauncher ActiveX controls. The ActiveX control does not validate external input correctly. Attackers can create a malicious HTML document that, when viewed by a user, activates the ActiveX component and causes a denial of service (DoS) against the user's AntiVirus software. Attackers can crash the target system or execute arbitrary code.
Extended Description
Symantec Norton AntiVirus is prone to a remote code execution vulnerability. This issue presents itself in an ActiveX control used by the application and could allow an attacker to execute arbitrary executables, launch URI pop-up windows, and carry out denial of service attacks against the antivirus application. Norton AntiVirus 2004 is prone to this vulnerability.
Affected Products
Symantec norton_antivirus_2004
References
BugTraq: 10392
CVE: CVE-2004-0487
URL: http://securityresponse.symantec.com/avcenter/security/Content/2004.05.20.html
Short Name
HTTP:STC:ACTIVEX:NORTON-ANTI
Severity
Minor
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
2004 ActiveX AntiVirus CVE-2004-0487 Denial Norton Service bid:10392 of
Release Date
06/03/2004
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3725
False Positive
Unknown
Vendors
Symantec
CVSS Score
10.0