Symantec suffers ActiveX and licensing problems

As details of flaw in 2006 products released, users report subscription issues.

Symantec has released details of a potential security threat in its 2006 products, involving ActiveX software provided by a third-party developer. Meanwhile, some users are apparently reporting problems with their subscriptions, as false warnings of expiry are issued.

The ActiveX flaw, which could be used to initiate a stack overflow and gain remote access to a machine running the vulnerable software, affects several products in Symantec's 2006 range, including Norton AntiVirus 2006 and Norton Internet Security 2006. The current 2007 range, including Norton 260, are not thought to be at risk, and no attempts to exploit the vulnerability have been observed.

Symantec has released detection for any potential exploits, and has provided details on how to check if software is vulnerable so that a patch can be applied, here. A Secunia alert on the issue is here.

According to a report in The Register (here), Norton 2006 users have also been experiencing problems with their subscriptions, with false messages warning of imminent expiry of their licence to access updates. A fix for the problem is thought to be available (here), and users may be able to upgrade to the 2007 line, which is not thought to be affected by the problem.

Posted on 23 February 2007 by Virus Bulletin.

 del.icio.us  digg this! digg this

Quick Links

Poll
Should software vendors extend support for their products on Windows XP beyond the end-of-life of the operating system?
Yes - it keeps their users secure
No - it encourages users to continue to use a less secure OS
I don't know
Leave a comment
View 23 comments

SMI Oil and Gas Cyber Security 2014

Malware Prevalence
Adware-misc |##########|
Java-Exploit |########|
Autorun |#####|
BHO/Toolbar-misc |####|
Conficker/Downadup |###|
 View this month's full report

Virus Bulletin currently has 231,292 registered users.