HTTP: Norton Internet Security symspam.dll Exploit Attempt
This signature detects attempts to exploit a known vulnerability against Norton Internet Security products. Attackers can provide an oversized URL to the LaunchCustomRuleWizard function, overflowing the buffer and enabling attackers to execute arbitrary commands.
Extended Description
Symantec Norton AntiSpam has been reported prone to a remotely exploitable buffer overrun vulnerability. This issue exists in the SymSpamHelper Class ActiveX component, which could be invoked from a web page or HTML e-mail with malformed parameters sufficient to trigger the condition. This could be exploited to execute arbitrary code with the privileges of the client user.
Affected Products
Symantec norton_antispam_2004
Short Name
HTTP:STC:ACTIVEX:NORTON-SYMSPAM
Severity
Major
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
Attempt CVE-2004-0363 Exploit Internet Norton Security bid:9916 symspam.dll
Release Date
04/01/2004
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
False Positive
Rarely
Vendors
Symantec
CVSS Score
7.5