Symantec fixes flaws in Norton, pcAnywhere
Attackers could exploit flaws in Symantec's Norton AntiVirus and pcAnywhere to launch malicious code or compromise a user's session credentials.
The Cupertino, Calif.-based antivirus giant said a flaw in an ActiveX control used by Norton AntiVirus could potentially be exploited by a malicious Web site. An attacker could exploit the flaw to execute code remotely, the vendor said in an advisory.
A design error in NAVOPTS.DLL, the ActiveX control used in Norton AntiVirus, could potentially allow an attacker to crash the control if the user visits a malicious Web site. It "could then allow the attacker to access other Symantec ActiveX controls, even if they are not marked safe for scripting, possibly leading to remote arbitrary code execution in the context of the user's browser," the company added.
The flaw can only be exploited if an attacker tricks the user into visiting a malicious Web site.
"This type of attack is most commonly achieved through sending email containing a link to the malicious site, and persuading the recipient to click on the link," Symantec said.
Symantec has released a fix through its LiveUpdate program.
And though it's no longer a supported version, Symantec said it is preparing a fix for pcAnywhere version 11.5.0. The fix would be made available with no support available, Symantec said, adding that users who want full product support should upgrade to the latest version.
The problem with this version is that a remote user's connection credentials are stored in clear text within the Symantec pcAnywhere host server's process memory when a remote session is requested.
"The credentials of a remote user requesting a session connection can be compromised if a user with administration rights on the host machine utilizes tools to dump the process memory," Symantec said.
