
 Norton Update Center critical XSS vulnerability

Written by DP

Monday, 21 June 2010

According to security researcher "d3v1l" from Security-Shell, the Norton Update Center is vulnerable to cross-site scripting, redirects and HTML injection.

Malicious people could exploit this vulnerability to redirect Norton product users to drive-by download pages and infect them with malware, adware and spyware. If it falls into the hands of a phisher or carder, the financial details of millions of customers could be exposed.

Norton Update Center XSS Mirror:

http://www.xssed.com/mirror/67383/


So be careful if you have already received a suspicious e-mail from Norton asking you to pay to extend your subscription. I say be careful because this security issue may have been known to people with malicious intent for quite a long time.

Let's hope that Symantec's security staff will quickly correct this flaw.

Screenshot:

Norton Update Center XSS Defacement by d3v1l


Symantec websites have been XSSed in the past:

Originally Published At:

http://security-sh3ll.blogspot.com/2010/06/norton-update-center-xss-defacement.html

 

Related News on XSSed:

Critical XSS bugs found today on Symantec.com, now fixed
Verisign, McAfee and Symantec sites can be used for phishing due to XSS


        