Symantec Internet Security 2008 Vulnerable ActiveX

There appear to be two vulnerable ActiveX controls in Symantec Internet Security 2008. The following ActiveX controls are vulnerable:

Progid: SymAData.ActiveDataInfo.1

Clsid: 3451DEDE-631F-421c-8127-FD793AFC6CC8

File: C:\PROGRA~1\COMMON~1\SYMANT~1\SUPPOR~1\SymAData.dll

Version: 2.7.0.1

These ActiveX controls are marked safe for scripting by Symantec. According to Symantec, although they are marked safe for scripting, they will only run from the “symantec.com” domain. Successful exploitation would require the use of XSS or DNS poisoning techniques, but could allow for complete control over a user's system simply by viewing a malicious page. Symantec has issued updates to fix these vulnerabilities.
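To check whether a host still exposes this control, the following PowerShell audit (an added example, not code from Symantec or from the original post) looks up the CLSID listed above, reports the DLL version, and shows whether the control is registered as safe for scripting and whether an Internet Explorer kill bit is set. The category GUIDs and the 0x400 kill-bit flag are standard Windows values that do not appear in the post; the script assumes a machine-wide (HKLM) registration and does not detect safety declared at run time through IObjectSafety.

```powershell
$Clsid         = '{3451DEDE-631F-421c-8127-FD793AFC6CC8}'  # CLSID listed in the post
$ListedVersion = '2.7.0.1'                                  # version listed in the post
$CatScripting  = '{7DD95801-9882-11CF-9FA4-00AA00A29F55}'  # CATID_SafeForScripting
$CatInit       = '{7DD95802-9882-11CF-9FA4-00AA00A29F55}'  # CATID_SafeForInitializing
$KillBit       = 0x400                                      # IE "Compatibility Flags" kill bit

# A 32-bit control on 64-bit Windows registers under WOW6432Node, so check both views.
$report = foreach ($root in 'HKLM:\SOFTWARE', 'HKLM:\SOFTWARE\WOW6432Node') {
    $clsKey = "$root\Classes\CLSID\$Clsid"
    if (-not (Test-Path -LiteralPath $clsKey)) { continue }

    # The default value of InprocServer32 is the path of the DLL implementing the control.
    $inproc = Get-ItemProperty -LiteralPath "$clsKey\InprocServer32" -ErrorAction SilentlyContinue
    $dll    = if ($inproc) { ([string]$inproc.'(default)').Trim('"') } else { $null }

    # Build the version from its numeric parts; the FileVersion string is free-form.
    $ver = $null
    if ($dll -and (Test-Path -LiteralPath $dll)) {
        $vi  = (Get-Item -LiteralPath $dll).VersionInfo
        $ver = '{0}.{1}.{2}.{3}' -f $vi.FileMajorPart, $vi.FileMinorPart,
                                    $vi.FileBuildPart, $vi.FilePrivatePart
    }

    # The kill bit lives in IE's ActiveX Compatibility key of the same registry view.
    $compatKey = "$root\Microsoft\Internet Explorer\ActiveX Compatibility\$Clsid"
    $compat    = Get-ItemProperty -LiteralPath $compatKey -ErrorAction SilentlyContinue
    $flags     = if ($compat) { [int]$compat.'Compatibility Flags' } else { 0 }

    [pscustomobject]@{
        RegistryView     = $root
        Dll              = $dll
        FileVersion      = $ver
        IsListedVersion  = ($ver -eq $ListedVersion)
        SafeForScripting = (Test-Path -LiteralPath "$clsKey\Implemented Categories\$CatScripting")
        SafeForInit      = (Test-Path -LiteralPath "$clsKey\Implemented Categories\$CatInit")
        KillBitSet       = (($flags -band $KillBit) -ne 0)
    }
}

if ($report) { $report | Format-List }
else { "CLSID $Clsid is not registered on this host." }
```

A result with `IsListedVersion` true, `SafeForScripting` true and `KillBitSet` false marks a host that still needs the Symantec update.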

Symantec Backup Exec Vulnerability

Backup Exec System Recovery Manager versions 7.0 and 7.0.1 have been found to be vulnerable to a flaw that allows attackers to upload files without authentication. This can lead to the execution of arbitrary code. The attack vector is a specially crafted HTTP POST request. Symantec has released an advisory and update at: http://www.symantec.com/avcenter/security/Content/2008.02.04.html