Buffer overflow in the ISLALERT.DLL ActiveX control associated with Personal Firewall / Internet Security 2004. The error occurs in the Get() and Set() functions used by ISAlertDataCOM. Arbitrary code execution can result, at the level of the current user.

Description:

It has been discovered that there is a serious vulnerability affecting the 2004 versions of Norton Personal Firewall and Internet Security. This particular vulnerability could allow a remote attacker to take over a vulnerable system and run code of their choice, as if they were the local user.

Mitigation:

Select and run LiveUpdate from within Norton Personal Firewall 2004, or follow the link listed for Product Updates

Updates:

http://service1.symantec.com/SUPPORT/sharedtech.nsf/docid/2007010219171513

Source:

http://securityresponse.symantec.com/avcenter/security/Content/2007.05.16.html

Exploits:

CVE-ID: CVE-2007-1689