SYM08-009: Symantec AutoFix Support Tool ActiveX Control Vulnerabilities
Two vulnerabilities reported in an ActiveX control used by the Symantec AutoFix Tool could potentially allow arbitrary code execution in the context of the user’s browser. Successful exploitation requires user interaction.
Norton 360 v1
Norton Antivirus 2006 to 2008
Norton Internet Security 2006 to 2008
Norton System Works 2006 to 2008
The affected ActiveX control is shipped only with the consumer products noted above. The control may also have been installed during an online chat session with a member of Symantec’s Consumer Technical Support team.
How to Obtain an Updated AutoFix Tool
An updated (non-vulnerable) version of the AutoFix tool will be automatically installed if customers participate in an online Chat session with Symantec Technical Support. Customers can also download and install an updated AutoFix Tool by visiting this web page and following the instructions here:
Symantec engineers have developed and released updates to address both of these vulnerabilities, as described under How to Obtain the Update.