CVE-2007-1689 - Buffer overflow in the ISAlertDataCOM ActiveX control in ISLALERT.DLL for Norton Personal Firewall 2

CVE-2007-1689

Summary

Buffer overflow in the ISAlertDataCOM ActiveX control in ISLALERT.DLL for Norton Personal Firewall 2004 and Internet Security 2004 allows remote attackers to execute arbitrary code via long arguments to the (1) Get and (2) Set functions.

References

Vulnerable Configurations

cpe:2.3:a:symantec:norton_internet_security:2004:*:*:*:*:*:*:*
cpe:2.3:a:symantec:norton_internet_security:2004:*:*:*:*:*:*:*
cpe:2.3:a:symantec:norton_personal_firewall:2004:*:*:*:*:*:*:*
cpe:2.3:a:symantec:norton_personal_firewall:2004:*:*:*:*:*:*:*

CVSS

Base:	10.0 (as of 16-10-2018 - 16:40)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:L/Au:N/C:C/I:C/A:C

refmap via4

bid	23936
bugtraq	20070516 Symantec Product Security: Norton Personal Firewall 2004 ActiveX Control vulnerability
cert-vn	VU#983953
confirm	http://www.symantec.com/avcenter/security/Content/2007.05.16.html
osvdb	36164
sectrack	1018073
secunia	25290
vupen	ADV-2007-1843
xf	symantec-islalert-bo(34328)

Last major update

16-10-2018 - 16:40

Published

16-05-2007 - 20:30

Last modified

16-10-2018 - 16:40