Symantec Norton Utilities for Windows contains a flaw that may allow an attacker to execute arbitrary code. The issue is due to the TUNEOCX.OCX ActiveX control, part of the "System Genie" component, not properly handling user input. With a crafted web page, an attacker could trick a victim into browsing the page and executing arbitrary code on the victim's system.

Currently, there are no known workarounds or upgrades to correct this issue. However, Symantec has released a patch to address this vulnerability. Users can click on the "live update" to receive the update.

• CVE ID: 1999-1380 (see also: NVD)
• ISS X-Force ID: 7188
• Other Advisory URL: http://mlarchive.ima.com/win95/1997/May/0342.html [ Link is 404 ]
  http://www.net-security.sk/bugs/NT/nu20.html [ Link is 404 ]
• News Article: http://news.zdnet.co.uk/story/0,,s2065518,00.html [ Link is 404 ]

• Not Available