{"id":3210,"date":"2004-03-22T09:00:01","date_gmt":"2004-03-22T08:00:01","guid":{"rendered":"https:\/\/destinationcyber.com\/?p=3210"},"modified":"2004-03-22T09:00:01","modified_gmt":"2004-03-22T08:00:01","slug":"failles-critiques-chez-symantec-un-comble","status":"publish","type":"post","link":"https:\/\/destinationcyber.com\/?p=3210","title":{"rendered":"Failles critiques chez Symantec, un comble !"},"content":{"rendered":"

Norton Internet Security et Norton AntiSpam pr\u00e9sentent des failles ActiveX jug\u00e9es hautement critiques. Un comble pour un \u00e9diteur sp\u00e9cialis\u00e9 dans la s\u00e9curit\u00e9 des r\u00e9seaux ! <\/p>\n

Sur Norton Internet Security, la m\u00e9thode ‘LaunchURL’ du composant ActiveX de la classe ‘WrapNISUM’ (WrapUM.dll) permet d’ex\u00e9cuter du code arbitraire \u00e0 partir d’un poste distant.<\/p>\n

Cette faille peut \u00eatre exploit\u00e9e afin d’inciter l’utilisateur \u00e0 afficher un document HTML corrompu, soit en visitant un site Web, soit sur un email au format html.<\/p>\n

Quant \u00e0 Norton AntiSpam 2004, une erreur binaire dans la classe ‘SymSpamHelper’ du composant ActiveX peut \u00eatre exploit\u00e9e et entra\u00eener une surcharge de la m\u00e9moire (buffer overflow) en fournissant \u00e0 la m\u00e9thode ‘LaunchCustomRuleWizard’ un param\u00e8tre excessivement long.<\/p>\n

Les ‘patchs’ de corrections sont disponibles sur la plateforme de mise \u00e0 jour de Symantec.<\/p>\n

Ces failles sont jug\u00e9es d’autant plus critiques, nonobstant le risque qu’elles repr\u00e9sentent si elles sont exploit\u00e9es, que les produits Norton de Symantec sont th\u00e9oriquement destin\u00e9s \u00e0 prot\u00e9ger leurs utilisateurs… <\/p>\n

[source – Silicon.fr] Yves Grandmontagne <\/p>\n","protected":false},"excerpt":{"rendered":"

Norton Internet Security et Norton AntiSpam pr\u00e9sentent des failles ActiveX jug\u00e9es hautement critiques. Un comble pour un \u00e9diteur sp\u00e9cialis\u00e9 dans la s\u00e9curit\u00e9 des r\u00e9seaux ! <\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_citadela_custom_class":"","footnotes":""},"categories":[15],"tags":[],"class_list":["post-3210","post","type-post","status-publish","format-standard","hentry","category-securite"],"_links":{"self":[{"href":"https:\/\/destinationcyber.com\/index.php?rest_route=\/wp\/v2\/posts\/3210","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/destinationcyber.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/destinationcyber.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/destinationcyber.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/destinationcyber.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=3210"}],"version-history":[{"count":0,"href":"https:\/\/destinationcyber.com\/index.php?rest_route=\/wp\/v2\/posts\/3210\/revisions"}],"wp:attachment":[{"href":"https:\/\/destinationcyber.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=3210"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/destinationcyber.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=3210"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/destinationcyber.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=3210"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}