PT-2007-3057 · Symantec · Norton Internet Security+1

Published

2007-05-16

Updated

2018-10-16

CVE-2007-1689

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: Norton Personal Firewall versions 2004 Norton Internet Security versions 2004

Description: The issue is related to a buffer overflow in the ISAlertDataCOM ActiveX control in ISLALERT.DLL. This allows remote attackers to execute arbitrary code via long arguments to the (1) Get and (2) Set functions.

Recommendations: For Norton Personal Firewall version 2004, consider disabling the ISAlertDataCOM ActiveX control until a patch is available. For Norton Internet Security version 2004, restrict access to the ISLALERT.DLL module to minimize the risk of exploitation.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2007-1689

Affected Products

Norton Internet Security

Norton Personal Firewall

PT-2007-3057 · Symantec · Norton Internet Security+1

CVE-2007-1689

Related Identifiers

Affected Products

References · 12