Symantec Norton NavComUI ActiveX control vulnerability

Added: 09/20/2007
CVE: CVE-2007-2955
BID: 24983
OSVDB: 36477

Background

The Symantec Norton product suite includes antivirus, firewall, and other security functions.

Problem

Vulnerabilities in the AxSysListView32 and AxSysListView32OAA ActiveX controls, implemented by the NavComUI.dll library within Norton products, allows command execution when handling specially crafted "AnomalyList" and "Anomaly" properties.

Resolution

A fix is available through the LiveUpdate feature within Norton products.

References

http://secunia.com/secunia_research/2007-53/advisory/

Limitations

Exploit works on Symantec Norton Internet Security 2006.

Platforms

Windows XP

Back to exploit index