- Related Stories
-
Yahoo Messenger releases security update
December 15, 2006 -
Zero-day attacks continue to hit Microsoft
September 27, 2006 -
Symantec patches antivirus worm hole
May 30, 2006
The vulnerable tools are often used by Internet service providers, PC makers and others to provide support functions such as remote assistance, the U.S. Computer Emergency Readiness Team said in an alert published Thursday. The tools, provided by SupportSoft, contain multiple vulnerabilities, it warned.
US-CERT lists nearly 40 companies and other organizations that have shipped the affected software. Some have addressed the problem, while others are still listed as vulnerable or unknown. Those that have yet to fix the SupportSoft issue include IBM and Internet access providers BellSouth, Comcast and Time Warner, it said.
Symantec includes the SupportSoft components in its consumer security products. The Cupertino, Calif.-based company released its own alert on Thursday, along with fixes. The problem is "high" risk, but is mitigated somewhat, because triggering the flaw would require some action on the part of the user, Symantec noted.
"If successfully exploited, this vulnerability could potentially compromise a user's system, possibly allowing execution of arbitrary code or unauthorized access," Symantec said.
The SupportSoft ActiveX controls are essentially small applications that can be run from Microsoft's Internet Explorer. Symantec shipped the vulnerable controls with Norton AntiVirus 2006, Norton Internet Security 2006 and Norton System Works 2006, it said. Symantec's corporate security products are not affected.
The security company worked with SupportSoft on updates and has made those available via the LiveUpdate feature in its products, it said. Additionally, in November 2006, the flawed versions of the ActiveX controls were disabled through LiveUpdate, Symantec said.
SupportSoft has published its own advisory on the issue. The company offers a step-by-step guide to fix the problem, beginning with searching a PC's hard drive for the vulnerable file (tgctlsi.dll) and applying a fix.
The US-CERT recommends the SupportSoft fix, but has found eight additional files are vulnerable and lists those as: tgctlins.dll; sdcnetcheck.dll; tgctlar.dll; tgctlch.dll; tgctlpr.dll; tgctlcm.dll; tglib.dll; tgctlidx.dll. Searching a PC for all the files is the most effective way to determine if a system is vulnerable, the group said.
See more CNET content tagged:
SupportSoft, Symantec Corp., flaw, ActiveX Control, Norton Co.
Heh. At least that extra work in the beginning was worth it now - I can go home and kick back today, instead of rushing to the computers in a fearful hurry that something they had me download is somehow gonna expose my boxes.
Sometimes, life is just plain good.
/P
Then they get tech level I that reads the script, "do you have multiple computers, if so, unplug them all except for 1 from the router" or better "lets clean your cookies and history" :)
- Remote Access is Remote Access
- by wbenton March 3, 2007 9:03 PM PST
- Unless they have a fool-proof method to thwart unauthorized use of those same tools... this is just another one of those "I told you so" ordeals.
- Like this Reply to this comment
-
(5 Comments)Any time somebody builds a way to login... they MUST ensure authentication and have the proper security set up to prevent miss use of such remote technology.
Otherwise, they're only asking for a hack.
It's just plain common sense... or in this case... sheere lack there of!!! (* CHUCKLE *)
FWIW