Symantec confirms high-risk corporate AV flaw

Researchers have exposed a flaw in Symantec’s corporate anti-virus software, which could allow hackers to gain control of an affected computer.

  • E-Mail
By  Eliot Beer Published  May 28, 2006

Researchers have exposed a flaw in Symantec’s corporate anti-virus software, which could allow hackers to gain control of an affected computer. Symantec has now confirmed the existence of the vulnerability on its website, but has yet to release a patch to secure the affected versions. Its website is currently offering detection tools to help organisations detect attempts to exploit the flaw, although at this stage no exploits are known to exist. The flaw – a stack overflow in Symantec Client Security version 3.0 and above and Symantec AntiVirus Corporate Edition version 10.0 and above – was discovered by researchers at eEye Digital Security on May 24. Symantec released a statement the following day, and confirmed the vulnerability on May 26. Under the details section of its statement, the anti-virus firm said: “Symantec was notified that Symantec Client Security and Symantec AntiVirus Corporate Edition are susceptible to a potential stack overflow. Exploiting this overflow successfully could potentially cause a system crash, or allow a remote or local attacker to execute arbitrary code with System level rights on the affected system.” Kevin Isaac, regional director for the Middle East and North Africa at Symantec, said he had no comment to make on the specific situation, other than what was contained in the firm’s statement on the web. “We have always advocated a defence in depth strategy, meaning anti-virus is never enough. You’ve got to have your firewall, you’ve got to have your intrusion detection on all your devices, even on your desktop devices. For example, Symantec issued an update which blocked this vulnerability using the firewall and the intrusion detection in Symantec Client Security immediately,” said Isaac. “The defence in depth strategy has always worked very well in the situation where one specific technology has been found wanting and is being resolved.” The flaw does not affect consumer versions of Symantec’s anti-virus and security software, such as its Norton range of products. Symantec has recently been bullish about its ability to compete with Microsoft on the security front, following the Redmond software giant’s move to integrate security products with its delayed Windows Vista operating system. “We know more about security than they [Microsoft] ever will,” Symantec CEO John Thompson said at an event earlier this month. Two weeks ago Symantec launched a lawsuit against MS, alleging the firm had misappropriated storage technology from Veritas, a company Symantec bought last year. More information is available from the Symantec website here.

Add a Comment

Your display name This field is mandatory

Your e-mail address This field is mandatory (Your e-mail address won't be published)

Security code