Symantec suffers ActiveX and licensing problems

As details of flaw in 2006 products released, users report subscription issues.

Symantec has released details of a potential security threat in its 2006 products, involving ActiveX software provided by a third-party developer. Meanwhile, some users are apparently reporting problems with their subscriptions, as false warnings of expiry are issued.

The ActiveX flaw, which could be used to initiate a stack overflow and gain remote access to a machine running the vulnerable software, affects several products in Symantec's 2006 range, including Norton AntiVirus 2006 and Norton Internet Security 2006. The current 2007 range, including Norton 260, are not thought to be at risk, and no attempts to exploit the vulnerability have been observed.

Symantec has released detection for any potential exploits, and has provided details on how to check if software is vulnerable so that a patch can be applied, here. A Secunia alert on the issue is here.

According to a report in The Register (here), Norton 2006 users have also been experiencing problems with their subscriptions, with false messages warning of imminent expiry of their licence to access updates. A fix for the problem is thought to be available (here), and users may be able to upgrade to the 2007 line, which is not thought to be affected by the problem.

Posted on 23 February 2007 by Virus Bulletin.