andsome Posted July 1, 2003 Report Share Posted July 1, 2003 Just received this e-mail from SymantecNorton Internet Security News BulletinJune 30, 2003_____________________________In this issue:1. Security Advisory Regarding Symantec Security Check2. Feedback3. Subscribing and unsubscribing4. Disclaimer_____________________________NOTE: This is an outgoing email address. Do not reply to this emailmessage. If you require assistance with installing, configuring, ortroubleshooting a Symantec product, or if you have a question forCustomer Service, then visit the Symantec Service & Support Web siteat the following Internet address:http://www.symantec.com/techsupp/To view this and prior News Bulletins in HTML format, visit thefollowing Internet address:http://www.symantec.com/techsupp/bulletin/...is_archive.html_____________________________1. Security Advisory Regarding Symantec Security Check:Please read this if you used the Symantec Security Check prior toJune 24, 2003.A security advisory was issued regarding a potential exploit of anActiveX control that is used by the Symantec Security Check Web site.(Symantec Security Check is a free Web-based tool that lets userstest their computer's exposure to a wide range of online threats.) Aspart of running the Symantec Security Check, users may have installedan ActiveX control that remains on the user's system even after thecheck has completed.This ActiveX control contains a buffer overflow exploit. The bufferoverflow can be exploited when the user with this ActiveX controlvisits a maliciousWeb site that is intent on exploiting this vulnerability. Whenexploited, Internet Explorer can crash and/or arbitrary code beexecuted on the user's computer.Symantec has replaced the current ActiveX control on the SymantecSecurity Check Web site so that new visitors will not be affected bythe exploit. Previous visitors to Symantec Security Check shouldrevisit the site at http://security.symantec.com and run a newSecurity Scan. By running a new scan, the previous ActiveX controlwill be replaced by an updated ActiveX control that fixes the bufferoverflow condition.For those users who prefer not to run a new scan, Symantec hascreated a cleanup tool to remove the ActiveX control. The tool isposted at:http://securityresponse.symantec.com/techs...vURL.cgi/srsc1/For additional information, please visit the Symantec SecurityResponse Web site at:http://securityresponse.symantec.com/techs...vURL.cgi/srsc2/Safe PracticesYou should set your browser to prompt for permission before anActiveX control is accepted and run on your computer system. You canalso set your browser to never accept and run ActiveX controls unlessit is from a trusted source that you designate.There is a possibility that this ActiveX control could be used byparties other than Symantec. If, while on the Web, you are asked todownload an ActiveX control signed by Symantec, but you are not at aSymantec domain or Web site, you should reject the ActiveX download._____________________________2. FeedbackDo you have feedback that can help us provide better products orservices? If so, then we want to hear from you. Visit the Symantecsuggestion box at the following Internet address, and let us know howwe can improve:http://www.symantec.com/feedback/_____________________________3. Subscribing and unsubscribingIf you want to subscribe to other Symantec newsletters, then followthe instructions at the following Internet address:http://www.symantec.com/techsupp/bulletin/...n/consumer.htmlIf you no longer want to receive this newsletter, then follow thesesteps: 1. Create a new email message addressed to: [email protected] 2. In the Subject line, type the following: UNSUBSCRIBE 3. In the body of the message, type the following: SIGNOFF NIS-TECHINFO-L 4. Send the message.If you want to unsubscribe from other Symantec newsletters, thenfollow the instructions at the following Internet address:http://www.symantec.com/techsupp/bulletin/...n/consumer.html_____________________________4. DisclaimerTHIS DOCUMENT IS PROVIDED FOR INFORMATIONAL PURPOSES ONLY.This message contains Symantec Corporation's current view of thetopics discussed as of the date of this document. The informationcontained in this message is provided "as is" without warranty of anykind, either expressed or implied, including but not limited to theimplied warranties of merchantability, fitness for a particularpurpose, and freedom from infringement. The user assumes the entirerisk as to the accuracy and the use of this document. This documentmay not be distributed for profit.Symantec and the Symantec logo are U.S. registered trademarks ofSymantec Corporation. Other brands and products are trademarks oftheir respective holder(s).© Copyright 2003 Symantec Corporation. All rights reserved.Materials may not be published in other documents without theexpress, written permission of Symantec Corporation. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.