PT-2008-1953 · Symantec · Symantec System Works+3
Published: 2008-04-08 · Updated: 2017-08-08
CVE-2008-0313
CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
Symantec Norton products including Norton 360 version 1.0
Symantec AntiVirus versions 2006 through 2008
Symantec Internet Security versions 2006 through 2008
Symantec System Works versions 2006 through 2008
Description
The issue concerns the ActiveDataInfo.LaunchProcess method in the SymAData.ActiveDataInfo.1 ActiveX control, which fails to properly determine the location of the AutoFix Tool. This allows remote attackers to execute arbitrary code via a remote WebDAV or SMB share.
Recommendations
For Norton 360 version 1.0, update to a version that includes a fix for the ActiveDataInfo.LaunchProcess method issue.
For Symantec AntiVirus versions 2006 through 2008, update to a version that includes a fix for the ActiveDataInfo.LaunchProcess method issue.
For Symantec Internet Security versions 2006 through 2008, update to a version that includes a fix for the ActiveDataInfo.LaunchProcess method issue.
For Symantec System Works versions 2006 through 2008, update to a version that includes a fix for the ActiveDataInfo.LaunchProcess method issue.
As a temporary workaround, consider disabling the ActiveDataInfo.LaunchProcess method until a patch is available.
Fix
Related Identifiers
Affected Products
Norton 360
Symantec Antivirus
Symantec Internet Security
Symantec System Works