Secunia Advisory: SA11169
Release Date: 2004-03-19
Critical: Highly critical
Impact: System access
Where: From remote
Software: Norton AntiSpam 2004
NGSSoftware has discovered a vulnerability in Norton AntiSpam 2004, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to a boundary error within the "SymSpamHelper Class" (symspam.dll) ActiveX component. This can be exploited to cause a buffer overflow by passing an overly long parameter to the "LaunchCustomRuleWizard" method.
Successful exploitation may allow execution of arbitrary code on a user's system by tricking the user into viewing a malicious HTML document (e.g. by visiting a website or viewing an HTML-based email).
Solution: A patch is reportedly available via the LiveUpdate feature.
Provided and/or discovered by: Mark Litchfield, NGSSoftware.
Cameras that make great holiday gifts
Let them start the new year with a step up in photo and video quality from a phone.