ID

VAR-200705-0188


CVE

CVE-2007-1689


TITLE

Symantec Norton Internet Security 2004 ISAlertDataCOM ActiveX control stack buffer overflow

Trust: 0.8

sources: CERT/CC: VU#983953

DESCRIPTION

Buffer overflow in the ISAlertDataCOM ActiveX control in ISLALERT.DLL for Norton Personal Firewall 2004 and Internet Security 2004 allows remote attackers to execute arbitrary code via long arguments to the (1) Get and (2) Set functions. Symantec Norton Personal Firewall is a very popular firewall product. The Get() and Set() functions of ISAlertDataCOM in the ISLALERT.DLL library of Norton Personal Firewall do not correctly validate their input parameters. If a user is tricked into browsing a specially crafted HTML document, a buffer overflow may be triggered, resulting in the execution of arbitrary commands with the permissions of the logged-in user.

Trust: 2.7

sources: NVD: CVE-2007-1689 // CERT/CC: VU#983953 // JVNDB: JVNDB-2007-005314 // BID: 23936 // VULHUB: VHN-25051

AFFECTED PRODUCTS

vendor: symantec, model: norton personal firewall, scope: eq, version: 2004

Trust: 2.7

vendor: symantec, model: norton internet security, scope: eq, version: 2004

Trust: 2.7

vendor: symantec, model: -, scope: -, version: -

Trust: 0.8

sources: CERT/CC: VU#983953 // BID: 23936 // JVNDB: JVNDB-2007-005314 // CNNVD: CNNVD-200705-345 // NVD: CVE-2007-1689

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2007-1689
value: HIGH

Trust: 1.0

CARNEGIE MELLON: VU#983953
value: 3.61

Trust: 0.8

NVD: CVE-2007-1689
value: HIGH

Trust: 0.8

CNNVD: CNNVD-200705-345
value: CRITICAL

Trust: 0.6

VULHUB: VHN-25051
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2007-1689
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-25051
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CERT/CC: VU#983953 // VULHUB: VHN-25051 // JVNDB: JVNDB-2007-005314 // CNNVD: CNNVD-200705-345 // NVD: CVE-2007-1689

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2007-1689

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200705-345

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-200705-345

CONFIGURATIONS

sources: JVNDB: JVNDB-2007-005314

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-25051

PATCH

title: SYM07-007, url: http://www.symantec.com/avcenter/security/Content/2007.05.16.html

Trust: 0.8

sources: JVNDB: JVNDB-2007-005314

EXTERNAL IDS

db: CERT/CC, id: VU#983953

Trust: 3.6

db: NVD, id: CVE-2007-1689

Trust: 2.8

db: SECUNIA, id: 25290

Trust: 2.5

db: BID, id: 23936

Trust: 2.0

db: OSVDB, id: 36164

Trust: 1.7

db: SECTRACK, id: 1018073

Trust: 1.7

db: VUPEN, id: ADV-2007-1843

Trust: 1.7

db: JVNDB, id: JVNDB-2007-005314

Trust: 0.8

db: XF, id: 34328

Trust: 0.6

db: BUGTRAQ, id: 20070516 SYMANTEC PRODUCT SECURITY: NORTON PERSONAL FIREWALL 2004 ACTIVEX CONTROL VULNERABILITY

Trust: 0.6

db: CNNVD, id: CNNVD-200705-345

Trust: 0.6

db: SEEBUG, id: SSVID-71124

Trust: 0.1

db: EXPLOIT-DB, id: 16610

Trust: 0.1

db: PACKETSTORM, id: 82926

Trust: 0.1

db: VULHUB, id: VHN-25051

Trust: 0.1

sources: CERT/CC: VU#983953 // VULHUB: VHN-25051 // BID: 23936 // JVNDB: JVNDB-2007-005314 // CNNVD: CNNVD-200705-345 // NVD: CVE-2007-1689

REFERENCES

url:http://www.symantec.com/avcenter/security/content/2007.05.16.html

Trust: 2.8

url:http://www.kb.cert.org/vuls/id/983953

Trust: 2.8

url:http://www.securityfocus.com/bid/23936

Trust: 1.7

url:http://osvdb.org/36164

Trust: 1.7

url:http://www.securitytracker.com/id?1018073

Trust: 1.7

url:http://secunia.com/advisories/25290

Trust: 1.7

url:http://support.microsoft.com/kb/240797

Trust: 1.1

url:http://www.securityfocus.com/archive/1/468779/100/0/threaded

Trust: 1.1

url:http://www.vupen.com/english/advisories/2007/1843

Trust: 1.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/34328

Trust: 1.1

url:http://secunia.com/advisories/25290/

Trust: 0.8

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-1689

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-1689

Trust: 0.8

url:http://xforce.iss.net/xforce/xfdb/34328

Trust: 0.6

url:http://www.securityfocus.com/archive/1/archive/1/468779/100/0/threaded

Trust: 0.6

url:http://www.frsirt.com/english/advisories/2007/1843

Trust: 0.6

url:http://www.symantec.com/sabu/nis/nis_pe/

Trust: 0.3

url:http://www.symantec.com/sabu/nis/npf/

Trust: 0.3

url:msg://bugtraq/20070516210551.15698.qmail@securityfocus.com

Trust: 0.3

sources: CERT/CC: VU#983953 // VULHUB: VHN-25051 // BID: 23936 // JVNDB: JVNDB-2007-005314 // CNNVD: CNNVD-200705-345 // NVD: CVE-2007-1689

CREDITS

Will Dormann

Trust: 0.6

sources: CNNVD: CNNVD-200705-345

SOURCES

db: CERT/CC, id: VU#983953
db: VULHUB, id: VHN-25051
db: BID, id: 23936
db: JVNDB, id: JVNDB-2007-005314
db: CNNVD, id: CNNVD-200705-345
db: NVD, id: CVE-2007-1689

LAST UPDATE DATE

2025-04-10T23:14:17.418000+00:00


SOURCES UPDATE DATE

db: CERT/CC, id: VU#983953, date: 2007-05-17T00:00:00
db: VULHUB, id: VHN-25051, date: 2018-10-16T00:00:00
db: BID, id: 23936, date: 2007-11-02T23:56:00
db: JVNDB, id: JVNDB-2007-005314, date: 2012-12-20T00:00:00
db: CNNVD, id: CNNVD-200705-345, date: 2007-05-24T00:00:00
db: NVD, id: CVE-2007-1689, date: 2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db: CERT/CC, id: VU#983953, date: 2007-05-16T00:00:00
db: VULHUB, id: VHN-25051, date: 2007-05-16T00:00:00
db: BID, id: 23936, date: 2007-05-16T00:00:00
db: JVNDB, id: JVNDB-2007-005314, date: 2012-12-20T00:00:00
db: CNNVD, id: CNNVD-200705-345, date: 2007-05-16T00:00:00
db: NVD, id: CVE-2007-1689, date: 2007-05-16T20:30:00