CVE-2007-1689

Norton Internet Security and Personal Firewall - Buffer Overflow via ISAlertDataCOM ActiveX Control

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2007-1689. PoCs published by Metasploit, MC, including Metasploit module exploits/windows/browser/nis2004_get.

AI-analyzed exploit summary This exploit targets a stack buffer overflow in the ISAlertDataCOM ActiveX Control (ISLAert.dll) in Symantec Norton Internet Security 2004. It leverages a long string passed to the 'Get()' method to execute arbitrary code via a crafted HTML page.

Description

Buffer overflow in the ISAlertDataCOM ActiveX control in ISLALERT.DLL for Norton Personal Firewall 2004 and Internet Security 2004 allows remote attackers to execute arbitrary code via long arguments to the (1) Get and (2) Set functions.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotewindows
https://www.exploit-db.com/exploits/16610

This exploit targets a stack buffer overflow in the ISAlertDataCOM ActiveX Control (ISLAert.dll) in Symantec Norton Internet Security 2004. It leverages a long string passed to the 'Get()' method to execute arbitrary code via a crafted HTML page.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Symantec Norton Internet Security 2004
No auth needed
Prerequisites: Target must have Norton Internet Security 2004 installed · Target must visit a malicious webpage hosting the exploit
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC NORMAL
by MC · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/nis2004_get.rb

This Metasploit module exploits a stack buffer overflow in the ISAlertDataCOM ActiveX Control (ISLAert.dll) in Symantec Norton Internet Security 2004. It sends an overly long string to the 'Get()' method to achieve arbitrary code execution.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Symantec Norton Internet Security 2004
No auth needed
Prerequisites: Victim must visit a malicious webpage hosting the exploit · Target system must have the vulnerable ActiveX control installed
devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (9)

Core 9
Core References
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2007/1843
Patch, Vendor Advisory x_refsource_confirm
http://www.symantec.com/avcenter/security/Content/2007.05.16.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/23936
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/36164
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1018073
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/25290
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/983953
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/34328
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/468779/100/0/threaded

Scores

EPSS 0.6444
EPSS Percentile 99.1%

Details

Status published
Products (2)
symantec/norton_internet_security 2004
symantec/norton_personal_firewall 2004
Published May 16, 2007
Tracked Since Feb 18, 2026