Rule:--Sid:2485--Summary:This event is generated when an attempt is made to exploit a buffer overflow associated with Norton Internet Security 2004 AntiSpam feature.--Impact:A successful attack may permit a buffer overflow that allows theexecution of arbitrary code in the context of LOCAL_SYSTEM.--Detailed Information:Norton Internet Security 2004 provides desktop security for Windows hosts.A buffer overflow exists in a module associated with the AntiSpam feature of Norton Internet Security. This is an ActiveX module that has been labeled"safe for scripting" allowing it to be accessed and run via a client'sweb browser on a host running a vulnerable version of Norton InternetSecurity 2004. If an attacker can entice a user on a vulnerable host toa malicious web server, it is possible to invoke the faulty ActiveXcomponent.  This may cause a buffer overflow and the execution of arbitrarycode in the context of LOCAL_SYSTEM.--Affected Systems:Norton Internet Security 2004, Norton Internet Security Pro 2004 versions before 7.0.3.8--Attack Scenarios:An attacker can entice a user on a vulnerable host to a malicious webpage and execute the faulty ActiveX component, possibly causinga buffer overflow and the subsequent execution of arbitrary code on thevulnerable host.-- Ease of Attack:Difficult unless exploit code becomes available.--False Positives:None known.--False Negatives:None known.--Corrective Action:Upgrade to the latest non-affected version of the software.--Contributors:Sourcefire Research TeamBrian Caswell<bmc@sourcefire.com>Judy Novak <judy.novak@sourcefire.com>--Additional ReferencesBugtraq:http://security.focus.com/bid/9916--