Symantec Patches ActiveX Vulnerability in Norton Antivirus

Symantec has released a patch for an ActiveX control input validation vulnerability that could allow attackers to execute arbitrary code on affected systems. The vulnerability impacts Norton Antivirus 2006, Norton SystemWorks 2006, Norton Internet Security 2006, and Norton Internet Security Antispyware Edition 2005. No other products are vulnerable.

According to Symantec, "users who regularly launch and run LiveUpdate should already have received an updated (non-vulnerable) version". Users can also update manually by selecting the LiveUpdate option and allowing it to run until all product updates have been downloaded and installed. In addition, an IPS signature and virus definition (dated 08-09-2007 or later) have been released which will detect possible attempts to exploit the vulnerability. Exploit attempts will be identified as Bloodhound.Exploit.148.

For more information, refer to SYM07-021.