From Secunia:
Description:
Secunia Research has discovered two vulnerabilities in various Symantec products, which can be exploited by malicious people to compromise a user’s system.The vulnerabilities are caused due to errors in the AxSysListView32 and AxSysListView32OAA ActiveX controls (NavComUI.dll) when handling the “AnomalyList” and “Anomaly” properties respectively as they take a VARIANT* as argument.
Successful exploitation allows execution of arbitrary code.
The vulnerabilities have been confirmed in Norton Internet Security 2006 including Norton AntiVirus 12.7.0.2. According to the vendor, the following versions are affected:
* Norton AntiVirus 2006
* Norton Internet Security 2006
* Norton Internet Security, Anti Spyware Edition 2005
* Norton System Works 2006
Tags: Symantec, Symantec Vulnerability, ActiveX Code Execution, Remote Exploit
