Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2007-1689

4 documents4 sources

Severity

10.0CRITICAL

EPSS

79.0%

top 0.94%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Symantec Norton Internet Security Symantec Norton Personal Firewall

Timeline

PublishedMay 16

Latest updateMay 1

Description

Buffer overflow in the ISAlertDataCOM ActiveX control in ISLALERT.DLL for Norton Personal Firewall 2004 and Internet Security 2004 allows remote attackers to execute arbitrary code via long arguments to the (1) Get and (2) Set functions.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages2 packages

▶NVDsymantec/norton_internet_security2004

▶NVDsymantec/norton_personal_firewall2004

Patches

Patch: www.symantec.com ↗Patch: www.symantec.com ↗

🔴Vulnerability Details

GHSA

GHSA-wqj7-8p85-f52v: Buffer overflow in the ISAlertDataCOM ActiveX control in ISLALERT↗2022-05-01

▶

CVEList

CVE-2007-1689: Buffer overflow in the ISAlertDataCOM ActiveX control in ISLALERT↗2007-05-16

▶

💥Exploits & PoCs

Exploit-DB

Symantec Norton Internet Security 2004 - ActiveX Control Buffer Overflow (Metasploit)↗2010-05-09

▶