Symantec closes NIS back door
Published: 22 Mar 2004 09:45 GMT
A software component of Norton Internet Security could allow hackers to use the application as a back door into a person's computer system, security researchers warned last Friday.
The flaw occurs in an ActiveX component used by security firm Symantec's flagship desktop security program, Norton Internet Security, according to an advisory published by research firm NGSSoftware. The security hole could be used to run an attack program that would then take control of the computer that the software was trying to protect.
"The attack can be achieved either by encouraging the victim to visit a malicious Web page or placing a script within...an HTML email," the advisory stated.
Symantec's Antispam software has a similar issue caused by a different ActiveX component. ActiveX is a Microsoft technology for creating scripts, small programs that can add functionality to a computer or a Web site.
Symantec released fixes for the flaws that can be downloaded from its site, using LiveUpdate, the standard update mechanism included with the programs.
"To date, Symantec has not had any reports of any related exploits, and exploit code has not been posted, but we will continue to evaluate this issue," the company said in a statement sent to ZDNet UK's sister site CNET News.com. "Symantec issued a fix on 18 March for customers to download via LiveUpdate."
Last December, Symantec fixed a problem that affected a small percentage of the more than 1.2m users of the company's Norton Antivirus 2004, Norton Internet Security 2004, Norton Antispam 2004 and Norton SystemWorks 2004. For those customers, the applications would mistakenly ask for a product activation code every time a PC was rebooted, and eventually the program would become locked.
Did you find this article useful?
85 out of 142 people found this useful
Digg
Slashdot
Del.ici.ous
Stumble
Reddit
