Symantec suffers ActiveX and licensing problems
As details of flaw in 2006 products released, users report subscription issues.
Symantec has released details of a potential security threat in its 2006 products, involving ActiveX software
provided by a third-party developer. Meanwhile, some users are apparently reporting problems with their subscriptions,
as false warnings of expiry are issued.
The ActiveX flaw, which could be used to initiate a stack overflow and gain remote access to a machine running the
vulnerable software, affects several products in Symantec's 2006 range, including Norton AntiVirus 2006
and Norton Internet Security 2006. The current 2007 range, including Norton 260, are not thought to be at
risk, and no attempts to exploit the vulnerability have been observed.
Symantec has released detection for any potential exploits, and has provided details on how to check if
software is vulnerable so that a patch can be applied,
here. A Secunia
alert on the issue is here.
According to a report in The Register
(here), Norton 2006 users
have also been experiencing problems with their subscriptions, with false messages warning of imminent expiry of their
licence to access updates. A fix for the problem is thought to be available
(here), and users may be able to
upgrade to the 2007 line, which is not thought to be affected by the problem.
23 February 2007
Tags:
del.icio.us 
digg this
This month's VB100 test saw some major changes and a radical overhaul of the VB100 test methodology - for the first time allowing products to use their 'cloud' look-up systems. John Hawes has all the details.