[原文]Symantec Norton Utilities 2.0 for Windows 95 marks the TUNEOCX.OCX ActiveX control as safe for scripting, which allows remote attackers to execute arbitrary commands via the run option through malicious web pages that are accessed by browsers such as Internet Explorer 3.0.
Symantec Norton Utilities TUNEOCX.OCX ActiveX Control Arbitrary Command Execution
Remote / Network Access,
Loss of Integrity
Patch / RCS
Symantec Norton Utilities for Windows contains a flaw that may allow an attacker to execute arbitrary code. The issue is due to the TUNEOCX.OCX ActiveX control, part of the "System Genie" component, not properly handling user input. With a crafted web page, an attacker could trick a victim into browsing the page and executing arbitrary code on the victim's system.
Currently, there are no known workarounds or upgrades to correct this issue. However, Symantec has released a patch to address this vulnerability. Users can click on the "live update" to receive the update.