CVE-2007-1689

Symantec Norton Internet Security - Buffer Overflow

Title source: rule

Description

Buffer overflow in the ISAlertDataCOM ActiveX control in ISLALERT.DLL for Norton Personal Firewall 2004 and Internet Security 2004 allows remote attackers to execute arbitrary code via long arguments to the (1) Get and (2) Set functions.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotewindows

https://www.exploit-db.com/exploits/16610

View Code ZIP pw:eip

metasploit WORKING POC NORMAL

by MC · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/nis2004_get.rb

View Code ZIP pw:eip

References (9)

[Vendor Advisory] http://secunia.com/advisories/25290

[US Government Resource] http://www.kb.cert.org/vuls/id/983953

[Patch, Vendor Advisory] http://www.symantec.com/avcenter/security/Content/2007.05.16.html

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/468779/100/0/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/23936

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/34328

[Third Party Advisory, VDB Entry] http://osvdb.org/36164

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id?1018073

[Third Party Advisory] http://www.vupen.com/english/advisories/2007/1843

Scores

EPSS 0.7904

EPSS Percentile 99.1%

Details

Status published

Products (2)

symantec/norton_internet_security 2004

symantec/norton_personal_firewall 2004

Published May 16, 2007

Tracked Since Feb 18, 2026