ID CVE-2007-1689
Summary Buffer overflow in the ISAlertDataCOM ActiveX control in ISLALERT.DLL for Norton Personal Firewall 2004 and Internet Security 2004 allows remote attackers to execute arbitrary code via long arguments to the (1) Get and (2) Set functions.
References
Vulnerable Configurations
  • cpe:2.3:a:symantec:norton_internet_security:2004
    cpe:2.3:a:symantec:norton_internet_security:2004
  • cpe:2.3:a:symantec:norton_personal_firewall:2004
    cpe:2.3:a:symantec:norton_personal_firewall:2004
CVSS
Base: 10.0 (as of 17-05-2007 - 18:23)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
exploit-db via4
description Symantec Norton Internet Security 2004 ActiveX Control Buffer Overflow. CVE-2007-1689. Remote exploit for windows platform
id EDB-ID:16610
last seen 2016-02-02
modified 2010-05-09
published 2010-05-09
reporter metasploit
source https://www.exploit-db.com/download/16610/
title Symantec Norton Internet Security 2004 - ActiveX Control Buffer Overflow
metasploit via4
description This module exploits a stack buffer overflow in the ISAlertDataCOM ActiveX Control (ISLAert.dll) provided by Symantec Norton Internet Security 2004. By sending an overly long string to the "Get()" method, an attacker may be able to execute arbitrary code.
id MSF:EXPLOIT/WINDOWS/BROWSER/NIS2004_GET
last seen 2019-03-24
modified 2017-09-09
published 2007-05-18
reliability Normal
reporter Rapid7
source https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/nis2004_get.rb
title Symantec Norton Internet Security 2004 ActiveX Control Buffer Overflow
packetstorm via4
data source https://packetstormsecurity.com/files/download/82926/nis2004_get.rb.txt
id PACKETSTORM:82926
last seen 2016-12-05
published 2009-10-30
reporter MC
source https://packetstormsecurity.com/files/82926/Symantec-Norton-Internet-Security-2004-ActiveX-Control-Buffer-Overflow.html
title Symantec Norton Internet Security 2004 ActiveX Control Buffer Overflow
refmap via4
bid 23936
bugtraq 20070516 Symantec Product Security: Norton Personal Firewall 2004 ActiveX Control vulnerability
cert-vn VU#983953
confirm http://www.symantec.com/avcenter/security/Content/2007.05.16.html
osvdb 36164
sectrack 1018073
secunia 25290
vupen ADV-2007-1843
xf symantec-islalert-bo(34328)
Last major update 07-03-2011 - 21:52
Published 16-05-2007 - 16:30
Last modified 16-10-2018 - 12:40
Back to Top