Vulnerabilities > CVE-2007-1689 - Buffer Overflow vulnerability in Symantec Norton Personal Firewall 2004 ActiveX Control

047910
CVSS 10.0 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
low complexity
symantec
critical
exploit available
metasploit

Summary

Buffer overflow in the ISAlertDataCOM ActiveX control in ISLALERT.DLL for Norton Personal Firewall 2004 and Internet Security 2004 allows remote attackers to execute arbitrary code via long arguments to the (1) Get and (2) Set functions.

Vulnerable Configurations

Part Description Count
Application
Symantec
2

Exploit-Db

descriptionSymantec Norton Internet Security 2004 ActiveX Control Buffer Overflow. CVE-2007-1689. Remote exploit for windows platform
idEDB-ID:16610
last seen2016-02-02
modified2010-05-09
published2010-05-09
reportermetasploit
sourcehttps://www.exploit-db.com/download/16610/
titleSymantec Norton Internet Security 2004 - ActiveX Control Buffer Overflow

Metasploit

descriptionThis module exploits a stack buffer overflow in the ISAlertDataCOM ActiveX Control (ISLAert.dll) provided by Symantec Norton Internet Security 2004. By sending an overly long string to the "Get()" method, an attacker may be able to execute arbitrary code.
idMSF:EXPLOIT/WINDOWS/BROWSER/NIS2004_GET
last seen2020-06-13
modified2017-09-09
published2007-05-18
references
reporterRapid7
sourcehttps://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/windows/browser/nis2004_get.rb
titleSymantec Norton Internet Security 2004 ActiveX Control Buffer Overflow

Packetstorm

data sourcehttps://packetstormsecurity.com/files/download/82926/nis2004_get.rb.txt
idPACKETSTORM:82926
last seen2016-12-05
published2009-10-30
reporterMC
sourcehttps://packetstormsecurity.com/files/82926/Symantec-Norton-Internet-Security-2004-ActiveX-Control-Buffer-Overflow.html
titleSymantec Norton Internet Security 2004 ActiveX Control Buffer Overflow