Serious flaw reported in Symantec antivirus software

Symantec's antivirus software is vulnerable to an attack that could allow a malicious hacker to gain control of a system.

Tom Krazit (IDG News Service)
22 December, 2005 08:30
Comments

Remote attackers could gain control of systems protected by Symantec's antivirus software due to a flaw in Symantec's Antivirus Library, the company confirmed Wednesday.

Independent security researcher Alex Wheeler discovered the flaw and published an advisory (http://www.rem0te.com/public/images/symc2.pdf) Tuesday. In it, he details how the Symantec Antivirus Library can be overwhelmed by "heap overflows" while decompressing an RAR file, a commonly used file format for storing large video or audio files.

To create a heap overflow, a malicious hacker sends large amounts of data that overwhelm a buffer, an area used for temporary data storage. This attack, similar to a buffer overflow, lets attackers overwrite portions of a system's memory in order to run their own malicious code.

Symantec users are vulnerable to the attack when their antivirus software scans the RAR files for viruses or worms, Wheeler wrote. The attack can be launched via e-mail without the user having to open the message or click on an attachment, he said.

Wheeler recommends that users turn off the scanning of RAR files until Symantec fixes the code in the library.

A Symantec spokeswoman provided a statement confirming the vulnerability and the existence of a patch that will detect exploits against a system using this vulnerability. Symantec users should update their antivirus software to obtain the patch, which protects desktop, server, and gateway antivirus software, the statement said.

The company plans to update the Antivirus Software Library to fix the vulnerability, and details about that update will be posted to Symantec's Security Response (http://securityresponse.symantec.com/avcenter/security/SymantecAdvisories.html) later on Wednesday, the spokeswoman said. No exploits using the vulnerability have been reported to Symantec as of midday Wednesday, she said.

Come socialise with us! Facebook | LinkedIn

Bookmark this page
Share this article
- facebook
- slashdot
- digg
- Reddit
- stumbleupon
- linkedin
- twitter
Got more on this story? Email ARN
Follow ARN on twitter

More about: Gateway, Symantec, VIA

Comments

Post new comment

Share
Share this article
- google+
- facebook facebook
- slashdot slashdot
- digg digg
- Reddit Reddit
- stumbleupon stumbleupon
- linkedin linkedin
- twitter twitter
print
email
Bookmark

Related Whitepapers

Latest Stories

Community Comments

"yeah, i dont think so.. as usual they will FAIL. when will ..."

Myer to make $300 million online
"Easily solved: more and more software developers/publishers are releasing consumer-friendly and business-friendly ..."

Australian PC software theft reaches record $739m in 2011: BSA
"O’Donovan also said the current PlayStation 3 console has “not been quite ..."

Sony: We are not “out of ideas” and we do have “hit products”
"Pretty! This was an incredibly wonderful article. Many thanks for supplying this ..."

Microsoft is taking a closer look at "racy" apps on Marketplace
"dseha , here http://www.pillbreastenlargement.com/"

ISPs give clean feed filter a technical green-light

ARN Directory | Distributors relevant to this article

Anyware Corporation , Aquion , ASI Solutions , Dicker Data , Express Data , Express Online , Impact Systems Technology , Lynx Technologies , Topstar Computer International , Xpress I.T.

ARN Directory | Vendors relevant to this article

Symantec

Most Read

Get exclusive access to ARN's news, research and invitation only events.

Latest Jobs

CCSAP FICO ConsultantNT
FTIT Account Manager - System Integrator - Career Progression - Start ImmediatelyNSW
FTSAP Basis ConsultantACT
FTQM Trainer and ConsultantNSW
CCOBIEE ConsultantWA
FTChange Management ProfessionalsNSW
CCSAP PM ConsultantNSW
FTSales Account ManagerNSW
FTSales Account ManagerNSW
FTSAP Basis ConsultantNSW
CCAPAC Campaign ManagerNSW

Most Commented

ARN Distributor Directory

Find distributors by name | vendor | location

Channel Deals

ACA Pacific

Bonus $500 Gift Card with Every SGI IS5000-SP Storage Subsystem. Ends June 30th, 2012.

More details »

ARN Vendor Directory

Find vendors by name | category

iAsset is a channel management ecosystem that automates all major aspects of the entire sales,marketing and service process, including data tracking, integrated learning, knowledge management and product lifecycle management.

Featured Resources

Spectra Logic and Australian National University Success Story - March 2012

Australian National University (ANU) located in Canberra, and ranked as one of the top universities in Australia, recently deployed two Spectra Logic T950 enterprise tape libraries at the heart of its 9.5 petabyte tape-based active archive to support ANU’s high performance private data cloud storage solution. The cloud-based storage installation with Spectra’s tape-based active archive allows ANU to efficiently support its exponential data growth, accelerate access to its research data, and improve overall data reliability.

Most Popular Resource Papers

Market Potential-Strategy Guide to the Active Archive Market

The active archive market is a growing segment where tape is seen as part of a disk or network fileystem. This means that to an end user disk and tape are “blended” and whether file is held on disk or tape is “invisible” to the end user. The active archive market is the fastest growing space in the storage industry and allows direct end user access to tape through a file system front end.

Popular tags: Business Management, Security, Data Centre, Storage, Master Data Management