Jump to content

Online Security Check

andsome

By andsome,
in Security Chat

 Share

Recommended Posts

andsome Newbie

andsome

Posted
Posted

Just received this e-mail from Symantec

Norton Internet Security News Bulletin

June 30, 2003

_____________________________

In this issue:

1. Security Advisory Regarding Symantec Security Check

2. Feedback

3. Subscribing and unsubscribing

4. Disclaimer

_____________________________

NOTE: This is an outgoing email address. Do not reply to this email

message. If you require assistance with installing, configuring, or

troubleshooting a Symantec product, or if you have a question for

Customer Service, then visit the Symantec Service & Support Web site

at the following Internet address:

http://www.symantec.com/techsupp/

To view this and prior News Bulletins in HTML format, visit the

following Internet address:

http://www.symantec.com/techsupp/bulletin/...is_archive.html

_____________________________

1. Security Advisory Regarding Symantec Security Check:

Please read this if you used the Symantec Security Check prior to

June 24, 2003.

A security advisory was issued regarding a potential exploit of an

ActiveX control that is used by the Symantec Security Check Web site.

(Symantec Security Check is a free Web-based tool that lets users

test their computer's exposure to a wide range of online threats.) As

part of running the Symantec Security Check, users may have installed

an ActiveX control that remains on the user's system even after the

check has completed.

This ActiveX control contains a buffer overflow exploit. The buffer

overflow can be exploited when the user with this ActiveX control

visits a malicious

Web site that is intent on exploiting this vulnerability. When

exploited, Internet Explorer can crash and/or arbitrary code be

executed on the user's computer.

Symantec has replaced the current ActiveX control on the Symantec

Security Check Web site so that new visitors will not be affected by

the exploit. Previous visitors to Symantec Security Check should

revisit the site at http://security.symantec.com and run a new

Security Scan. By running a new scan, the previous ActiveX control

will be replaced by an updated ActiveX control that fixes the buffer

overflow condition.

For those users who prefer not to run a new scan, Symantec has

created a cleanup tool to remove the ActiveX control. The tool is

posted at:

http://securityresponse.symantec.com/techs...vURL.cgi/srsc1/

For additional information, please visit the Symantec Security

Response Web site at:

http://securityresponse.symantec.com/techs...vURL.cgi/srsc2/

Safe Practices

You should set your browser to prompt for permission before an

ActiveX control is accepted and run on your computer system. You can

also set your browser to never accept and run ActiveX controls unless

it is from a trusted source that you designate.

There is a possibility that this ActiveX control could be used by

parties other than Symantec. If, while on the Web, you are asked to

download an ActiveX control signed by Symantec, but you are not at a

Symantec domain or Web site, you should reject the ActiveX download.

_____________________________

2. Feedback

Do you have feedback that can help us provide better products or

services? If so, then we want to hear from you. Visit the Symantec

suggestion box at the following Internet address, and let us know how

we can improve:

http://www.symantec.com/feedback/

_____________________________

3. Subscribing and unsubscribing

If you want to subscribe to other Symantec newsletters, then follow

the instructions at the following Internet address:

http://www.symantec.com/techsupp/bulletin/...n/consumer.html

If you no longer want to receive this newsletter, then follow these

steps:

1. Create a new email message addressed to:

[email protected]

2. In the Subject line, type the following:

UNSUBSCRIBE

3. In the body of the message, type the following:

SIGNOFF NIS-TECHINFO-L

4. Send the message.

If you want to unsubscribe from other Symantec newsletters, then

follow the instructions at the following Internet address:

http://www.symantec.com/techsupp/bulletin/...n/consumer.html

_____________________________

4. Disclaimer

THIS DOCUMENT IS PROVIDED FOR INFORMATIONAL PURPOSES ONLY.

This message contains Symantec Corporation's current view of the

topics discussed as of the date of this document. The information

contained in this message is provided "as is" without warranty of any

kind, either expressed or implied, including but not limited to the

implied warranties of merchantability, fitness for a particular

purpose, and freedom from infringement. The user assumes the entire

risk as to the accuracy and the use of this document. This document

may not be distributed for profit.

Symantec and the Symantec logo are U.S. registered trademarks of

Symantec Corporation. Other brands and products are trademarks of

their respective holder(s).

© Copyright 2003 Symantec Corporation. All rights reserved.

Materials may not be published in other documents without the

express, written permission of Symantec Corporation.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue. Privacy Policy

  I accept