HTTP: Symantec Norton Antivirus NavComUI.dll Exploit
This signature detects attempts to exploit a known vulnerability in Symantec Norton Antivirus. An attacker can create malicious Web pages containing dangerous ActiveX calls, which if accessed by a victim, allows the attacker to gain control of the victim's client browser.
Extended Description
Multiple Symantec Norton products are prone to a remote code-execution vulnerability. This issue occurs in ActiveX controls that are shared across multiple products. Invoking the object from a malicious website or HTML email may trigger this condition. Successful exploits allow remote attackers to execute code and to compromise affected computers. Failed exploit attempts likely result in computer crashes. The following products are vulnerable to this issue: Norton Antivirus 2006 Norton Internet Security 2006 Norton Internet Security, Anti Spyware Edition 2005 Norton System Works 2006
Affected Products
Symantec norton_system_works_2006
References
BugTraq: 24983
CVE: CVE-2007-2955
URL: http://www.symantec.com/avcenter/security/Content/2007.08.09.html
Short Name
HTTP:STC:ACTIVEX:SYMC-NAVCOMUI
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
Antivirus CVE-2007-2955 Exploit NavComUI.dll Norton Symantec bid:24983
Release Date
09/21/2007
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
False Positive
Unknown
Vendors
Symantec
CVSS Score
6.8