CVE-2007-1689
Symantec Norton Internet Security 2004 - ActiveX Control Buffer Overflow
Severity Score
10.0
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Buffer overflow in the ISAlertDataCOM ActiveX control in ISLALERT.DLL for Norton Personal Firewall 2004 and Internet Security 2004 allows remote attackers to execute arbitrary code via long arguments to the (1) Get and (2) Set functions.
Desbordamiento de búfer en el control ActiveX ISAlertDataCOM, en ISLALERT.DLL para Norton Personal Firewall 2004 e Internet Security 2004 permite a atacantes remotos ejecutar código de su elección mediante argumentos largos para las funciones (1) Get y (2) Set.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2007-03-26 CVE Reserved
- 2007-05-16 CVE Published
- 2010-05-09 First Exploit
- 2024-08-07 CVE Updated
- 2024-08-19 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
CAPEC
References (10)
| URL | Tag | Source |
|---|---|---|
| http://osvdb.org/36164 | Vdb Entry | |
| http://www.kb.cert.org/vuls/id/983953 | Third Party Advisory |
|
| http://www.securityfocus.com/archive/1/468779/100/0/threaded | Mailing List | |
| http://www.securityfocus.com/bid/23936 | Vdb Entry | |
| http://www.securitytracker.com/id?1018073 | Vdb Entry | |
| http://www.vupen.com/english/advisories/2007/1843 | Vdb Entry | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/34328 | Vdb Entry |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/16610 | 2010-05-09 |
| URL | Date | SRC |
|---|---|---|
| http://www.symantec.com/avcenter/security/Content/2007.05.16.html | 2018-10-16 |
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/25290 | 2018-10-16 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Symantec Search vendor "Symantec" | Norton Internet Security Search vendor "Symantec" for product "Norton Internet Security" | 2004 Search vendor "Symantec" for product "Norton Internet Security" and version "2004" | - |
Affected
| ||||||
| Symantec Search vendor "Symantec" | Norton Personal Firewall Search vendor "Symantec" for product "Norton Personal Firewall" | 2004 Search vendor "Symantec" for product "Norton Personal Firewall" and version "2004" | - |
Affected
| ||||||