Symantec has released security update SYM07- 021 to fix an input validation error in two ActiveX controls used by Norton AntiVirus, Norton Internet Security, and Norton System Works. Attackers could exploit the flaws to run malicious code on targeted machines.
“Symantec was notified that two ActiveX controls supplied by NAVCOMUI.DLL contain an input validation error for two properties of the controls,” the vendor said in its advisory. “This error could allow an attacker to crash Internet Explorer or possibly run arbitrary code with the rights of the logged-in user.”
Updates for the affected products are available through Symantec’s LiveUpdate program.