CVE-2007-1689

Name of the Vulnerable Software and Affected Versions: Norton Personal Firewall versions 2004 Norton Internet Security versions 2004

Description: The issue is related to a buffer overflow in the ISAlertDataCOM ActiveX control in ISLALERT.DLL. This allows remote attackers to execute arbitrary code via long arguments to the (1) Get and (2) Set functions.

Recommendations: For Norton Personal Firewall version 2004, consider disabling the ISAlertDataCOM ActiveX control until a patch is available. For Norton Internet Security version 2004, restrict access to the ISLALERT.DLL module to minimize the risk of exploitation.