Buffer Overrun in Symantec Norton Personal Security Firewall

Reported July 15, 2002, by @stake.

VERSIONS AFFECTED

 

·         Symantec Norton Personal Firewall 2001 3.0.4.91 for Windows 2000 and Windows NT 4.0

 

DESCRIPTION

A buffer overflow vulnerability exists in Symantec's Norton Personal Firewall that an attacker can exploit to execute code on the vulnerable system. An intruder can exploit this vulnerability even if the requesting application isn't configured in the firewall permission settings to make outgoing requests. See the @stake advisory for a detailed technical explanation.

 

VENDOR RESPONSE

The vendor, Symantec, has released an advisory regarding this vulnerability and recommends that affected users download the patch from the advisory URL when the patch becomes available.

 

CREDIT
Discovered by Ollie Whitehouse of @stake.

Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish