Vulnerabilities > CVE-2007-1689 - Buffer Overflow vulnerability in Symantec Norton Personal Firewall 2004 ActiveX Control
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Buffer overflow in the ISAlertDataCOM ActiveX control in ISLALERT.DLL for Norton Personal Firewall 2004 and Internet Security 2004 allows remote attackers to execute arbitrary code via long arguments to the (1) Get and (2) Set functions.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 2 |
Exploit-Db
description | Symantec Norton Internet Security 2004 ActiveX Control Buffer Overflow. CVE-2007-1689. Remote exploit for windows platform |
id | EDB-ID:16610 |
last seen | 2016-02-02 |
modified | 2010-05-09 |
published | 2010-05-09 |
reporter | metasploit |
source | https://www.exploit-db.com/download/16610/ |
title | Symantec Norton Internet Security 2004 - ActiveX Control Buffer Overflow |
Metasploit
description | This module exploits a stack buffer overflow in the ISAlertDataCOM ActiveX Control (ISLAert.dll) provided by Symantec Norton Internet Security 2004. By sending an overly long string to the "Get()" method, an attacker may be able to execute arbitrary code. |
id | MSF:EXPLOIT/WINDOWS/BROWSER/NIS2004_GET |
last seen | 2020-06-13 |
modified | 2017-09-09 |
published | 2007-05-18 |
references | |
reporter | Rapid7 |
source | https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/windows/browser/nis2004_get.rb |
title | Symantec Norton Internet Security 2004 ActiveX Control Buffer Overflow |
Packetstorm
data source | https://packetstormsecurity.com/files/download/82926/nis2004_get.rb.txt |
id | PACKETSTORM:82926 |
last seen | 2016-12-05 |
published | 2009-10-30 |
reporter | MC |
source | https://packetstormsecurity.com/files/82926/Symantec-Norton-Internet-Security-2004-ActiveX-Control-Buffer-Overflow.html |
title | Symantec Norton Internet Security 2004 ActiveX Control Buffer Overflow |
References
- http://osvdb.org/36164
- http://secunia.com/advisories/25290
- http://www.kb.cert.org/vuls/id/983953
- http://www.securityfocus.com/archive/1/468779/100/0/threaded
- http://www.securityfocus.com/bid/23936
- http://www.securitytracker.com/id?1018073
- http://www.symantec.com/avcenter/security/Content/2007.05.16.html
- http://www.vupen.com/english/advisories/2007/1843
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34328