: Symantec Autofix and chat tool is vulnerable

03.04.2008, 10:57
SYM08-009: Symantec AutoFix Support Tool ActiveX Control Vulnerabilities

Two vulnerabilities reported in an ActiveX control used by the Symantec AutoFix Tool could potentially allow arbitrary code execution in the context of the users browser. Successful exploitation requires user interaction.

Affected Products
Norton 360 v1
Norton Antivirus 2006 to 2008
Norton Internet Security 2006 to 2008
Norton System Works 2006 to 2008

The affected ActiveX control is shipped only with the consumer products noted above. The control may also have been installed during an online chat session with a member of Symantecs Consumer Technical Support team.

Solution below:

How to Obtain an Updated AutoFix Tool
An updated (non-vulnerable) version of the AutoFix tool will be automatically installed if customers participate in an online Chat session with Symantec Technical Support. Customers can also download and install an updated AutoFix Tool by visiting this web page and following the instructions here:


Symantec Response
Symantec engineers have developed and released updates to address both of these vulnerabilities, as described under How to Obtain the Update.