Symantec Products Hit by Critical Security Flaw

By | December 21, 2005

Security firm Secunia reported Tuesday that a high-risk security vulnerability affects Symantec’s products, across both Windows and Macintosh platforms. The vulnerability could allow hackers to take control of a system remotely.

According to an advisory issued by Security firm Secunia, the flaw affects most of Symantec´s products, including enterprise and home user versions of Symantec AntiVirus, Symantec Norton AntiVirus and Symantec Norton Internet Security.

The vulnerability is within the core library of Symantec anti-virus engine, which provides file format support for virus analysis. Alex Wheeler, security consultant, said that Symantec is vulnerable to multiple heap overflows during decompression of RAR files.

“These vulnerabilities can be exploited remotely, without user interaction, in default configurations through common protocols such as SMTP,” said Wheeler.

In October this year, Wheeler highlighted a similar vulnerability in Kaspersky anti-virus product. Back in February, a similar heap overflow was spotted in Symantec’s anti-virus software.

Leave a Reply