HTTP: Norton Internet Security LaunchURL Exploit Attempt
This signature detects attempts to exploit a known vulnerability against Norton Internet Security products. Attackers can provide an oversized URL to the LaunchURL function, overflowing the buffer and enabling attackers to execute arbitrary commands.
Extended Description
Symantec firewall products such as Norton Internet Security, Norton Personal Firewall, Client Firewall and Client Security are prone to a vulnerability that may potentially allow for remote command execution. This vulnerability is exposed via the WrapNISUM Class ActiveX component. This component may potentially be invoked to launch a resource via a UNC path from malicious web page or HTML e-mail. This resource would likely be a malicious attacker-supplied executable.
Affected Products
Symantec norton_internet_security_2004_professional_edition
Short Name
HTTP:STC:NORTON:LAUNCHURL-HTTP
Severity
Major
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
Attempt CVE-2004-0364 Exploit Internet LaunchURL Norton Security bid:9915
Release Date
04/01/2004
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
False Positive
Rarely
Vendors
Symantec
CVSS Score
7.5