[Dshield] An unfixed highly critical vulnerability discovered in Microsoft Internet Explorer

Fred fretz at pacbell.net
Mon Apr 12 21:58:47 GMT 2004

Peter Stendahl-Juvonen wrote:
> Chuck, Guy et al.
> Did some research on this issue and came to the following conclusions.
> Assume the reason why you do not experience the alert is the following.
> You apparently run NAV2004 either using the default setting "Normal"
> (or have changed the setting to "Low") instead of "Highest level of
> protection" in NAV2004's settings for System | Auto-Protect |
> Bloodhound | How to protect against new and unknown viruses | [v]
> Enable Bloodhound heuristics (recommended) is set to option "Highest
> level of protection".
> Please change the default setting "Normal" (or "Low" if you have that
> enabled) to "Highest level of protection", and I bet you will see the
> alerts as soon as you revisit the web page address in question.

I use _NAV2003_ with the Bloodhound usually set to its "Normal"
(recommended) setting for Autoprotect.  Several days ago when I went to the
Secunia page I did not see the warning.  I just switched the Bloodhound
setting to the "Highest level..." and I also DID get the warning when I
tried the Secunia page again a few minutes ago.

> Even after downloading, installing and enabling the free beta version
> of Qwik-Fix™ from PivX LABS/PivX Solutions, LLC (at
> http://www.pivx.com/qwik-fix/) the situation is still the same; NAV2004
> erroneously launches the (above) two alarms in one second flat after
> landing on Secunia's web page (at
> http://secunia.com/advisories/10523/).

I also have installed the Qwik-Fix product and with NAV2003 my results are
just as you describe for NAV2004 - an alert in about "one second flat" even
with Qwik-Fix enabled.
This is on my Windows 98 (FE) with IE as patched and updated as MS makes
possible.  NAV2003 is also updated to today's virus definitions (04-12).

> NAV2004 issues the alarms when using MS IE 6.0 SP-1 (+ fully patched)
> and Mozilla v 1.6 as well.
> IMHO, this heuristic detection is a positive False Alarm.
> Since I prefer using the option "Highest level of protection", I have
> asked Symantec Corp Tech Support kindly to fix this positive False
> Alert and erroneous detection.
> - Pete

I suppose an email to Symantec from us NAV2003 users would be a good idea
too, since that version is still supported.  Because you've shown, Pete, that
the problem exists in NAV2004, at least Symantec couldn't get by with
recommending an "upgrade to the latest version".
I think I'll wait to upgrade to "NAV2005" (or whatever name it's actually
called), which will probably be in just a few months if previous version
releases are any indication.

