1. Symantec/
  2. Security Response/
  3. Attack Signatures/
  4. HTTP Symantec Norton Ghost Remote DLL BO

HTTP Symantec Norton Ghost Remote DLL BO

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.


This signature detects attempts to exploit a buffer overflow vulnerability in Symantec Norton Ghost.

Additional Information

Symantec Norton Ghost is a backup utility available for Microsoft Windows.

Symantec Norton Ghost is prone to a buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer. This issue occurs in the 'RemoteCommand.DLL' library. Specifically, when an attacker passes an excessively long connect string, a buffer will overflow.

An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

This issue affects Symantec Ghost 12.0; other versions may also be affected.


  • Symantec Norton Ghost 12.0
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube