Buffer Overflow in Norton Personal Firewall ActiveX Control by Symantec
CVE-2007-1689

Currently unrated

Key Information:

Vendor: Symantec
Status: Norton Internet Security; Norton Personal Firewall
Vendor: CVE Published:; 16 May 2007

Summary

A buffer overflow vulnerability exists in the ISAlertDataCOM ActiveX control within ISLALERT.DLL, impacting Norton Personal Firewall 2004 and Norton Internet Security 2004. This flaw can be exploited by remote attackers through carefully crafted arguments sent to the vulnerable (1) Get and (2) Set functions, potentially allowing arbitrary code execution on the affected system.

References

http://www.vupen.com/english/advisories/2007/1843

vdb-entryx_refsource_VUPEN

http://www.symantec.com/avcenter/security/Content/2007.05...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/23936

vdb-entryx_refsource_BID

EPSS Score

73% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
May 16, 2007
Vulnerability Reserved
Mar 26, 2007