Critical Flaw Affects Symantec AntiVirus

By Ed Oswald, BetaNews

December 21, 2005, 11:58 AM

A flaw within Symantec AntiVirus could open users' computers to the execution of arbitrary code when a specially crafted RAR file is scanned, independent security researcher Alex Wheeler said in an advisory on his Web site Tuesday.

Wheeler's work centers on looking for remote stack, heap and buffer overflows, mainly in antivirus products. In the case of this particular flaw, the problem is a result of unchecked 16-bit length fields in RAR sub-block header types.
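To make the bug class concrete, here is an added example (not Symantec's code and not the full real RAR layout, but a constructed, simplified sub-block header with a 16-bit HEAD_SIZE field): the unchecked parser shape beside a hardened one that validates the header-derived length against both the destination capacity and the bytes actually available. The names, the 7-byte fixed header and the 64-byte buffer are assumptions for the illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
/* Constructed, simplified RAR-style block header (illustrative, not the full real layout):
 * bytes 0-1 CRC16, byte 2 type, bytes 3-4 flags, bytes 5-6 HEAD_SIZE (16-bit little-endian),
 * then HEAD_SIZE - 7 bytes of sub-block data. */
#define HDR_FIXED    7
#define MAX_SUB_DATA 64            /* fixed-size destination a naive parser might use */
typedef struct {
    uint8_t  type;
    uint16_t flags;
    uint8_t  data[MAX_SUB_DATA];
    size_t   data_len;
} sub_block_t;

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/* Vulnerable shape (never called here): HEAD_SIZE is trusted, so a value above
 * HDR_FIXED + MAX_SUB_DATA drives memcpy past the end of data[]. */
int parse_sub_block_unchecked(const uint8_t *buf, sub_block_t *out)
{
    size_t data_len = (size_t)rd16(buf + 5) - HDR_FIXED;  /* attacker-controlled, up to ~64 KiB */
    out->type = buf[2]; out->flags = rd16(buf + 3); out->data_len = data_len;
    memcpy(out->data, buf + HDR_FIXED, data_len);         /* overflow of data[] */
    return 0;
}

/* Hardened: check the header-derived length against capacity and available input before any copy. */
int parse_sub_block(const uint8_t *buf, size_t len, sub_block_t *out)
{
    if (buf == NULL || out == NULL || len < HDR_FIXED) return -1;  /* truncated fixed part */
    uint16_t head_size = rd16(buf + 5);
    if (head_size < HDR_FIXED) return -2;                          /* self-inconsistent */
    size_t data_len = (size_t)head_size - HDR_FIXED;
    if (data_len > MAX_SUB_DATA) return -3;                        /* would overflow data[] */
    if ((size_t)head_size > len) return -4;                        /* would read past input */
    out->type = buf[2]; out->flags = rd16(buf + 3); out->data_len = data_len;
    memcpy(out->data, buf + HDR_FIXED, data_len);
    return 0;
}

/* Builds a constructed header with the given HEAD_SIZE and feeds `avail` bytes to the parser. */
int run_sample(uint16_t head_size, size_t avail)
{
    uint8_t buf[HDR_FIXED + MAX_SUB_DATA + 16] = {0};
    sub_block_t sb;
    buf[2] = 0x7A;                                   /* type byte, value chosen for the sample */
    buf[5] = (uint8_t)(head_size & 0xFF); buf[6] = (uint8_t)(head_size >> 8);
    return parse_sub_block(buf, avail < sizeof buf ? avail : sizeof buf, &sb);
}
```

The hardened parser rejects an oversized HEAD_SIZE before it can reach the copy, which is the check the article's description says was missing.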

The flaw allows an attacker to assume complete control of the affected computer, without any user interaction in the default configuration of the antivirus software. Wheeler said that a hacker could exploit the vulnerability through common Internet protocols like SMTP.

"Successful exploitation of Symantec protected systems allows attackers unauthorized control of data and related privileges," he wrote in the advisory. "It also provides leverage for further network compromise."

RAR files are being used in increasing numbers by attackers to circumvent antivirus software. Until recently, many scanners did not look inside compressed files. But now that virus writers are trying to use them as payloads for malware, it has become necessary to do so.

However, the fact that this new feature can actually open up an entirely new vulnerability may be disconcerting to some.

Until it is fixed, Wheeler recommends that Symantec users turn off RAR scanning, and practice caution when downloading any RAR file.

Wheeler has labeled the flaw as "high risk." Secunia, a Danish security firm, labeled the vulnerability "highly critical" in an advisory issued Tuesday.

Affected software includes Symantec AntiVirus Corporate Edition 8 through 10, Symantec Norton AntiVirus, and Symantec Mail Security, among other products.

By bourgeoisdude

edited Dec 22, 2005 - 10:49 AM

You people need to actually use the product before bashing it!

Apparently no one here has used version 2006. I used it recently just because some expert thought that 2006 "finally got it right". I wanted to prove him wrong. Symantec will never get it right.

Version 2006 proved me wrong. It blew me away. It wouldn't even crash for me, even when I tried installing other AV programs. My jaw dropped. I hated Symantec products, their AV had more problems than viruses do...but Antivirus 2006 changed completely.

So guys please get a life doing things other than bashing a product you don't use. I'll remember never to bash AOL 10.0 until I use it and it's crappy. I can't imagine 9.0 to 10.0 could be so much opposite and impress me--but I'll hold the criticism until I at least give it a chance.

Score: 0

By Aires

posted Dec 22, 2005 - 12:03 PM

There there. [pats head]

Score: 0

By dazed_00

posted Dec 22, 2005 - 7:12 AM

Luckily I've switched to Avast. And if you really want to use a paid-for antivirus program, then just use McAfee.

Score: 0

By Aires

posted Dec 22, 2005 - 7:03 AM

Symantec? I mean really - what a POS company we're talking about. [tuts]

Score: 0

By Black-Wolf

posted Dec 21, 2005 - 9:14 PM

Well, we never use this crappy software.

Use F-Secure!

Score: 0

By Don Juan

posted Dec 21, 2005 - 8:20 PM

Avast is a far superior alternative, and it's free for home users.

Score: 0

By John_Bedin

posted Dec 21, 2005 - 5:18 PM

USE OR BUY AVG

Score: 0

By bounty1990

edited Dec 21, 2005 - 2:06 PM

Well I have to say I use Symantec Corp 10 and even with these flaws found it hasn't affected me. I am also smart enough not to download mysterious .rar files. I have used McAfee but the system resources kill my pc.

Score: 0

By PC_Tool

posted Dec 21, 2005 - 12:25 PM

Wow.

Symantec finds and removes backdoors....but will it find and remove itself?

Never been more glad I use NOD32.

Score: 0

By maniakmx3

edited Dec 21, 2005 - 12:12 PM

A problem with a Symantec product? and this is new? ....I coulda swore Symantec WAS a virus lol

I mean C'mon now, Symantec is one of the FEW companies out there that has to create a REMOVAL tool to remove its own software because the uninstall feature NEVER works! rnav2003.exe symnrt.exe symclean.exe it's some funny stuff....

Score: 0

By GoodThings2Life

posted Dec 21, 2005 - 1:13 PM

Yeah, apparently the Windows Installer code is so very difficult to keep track of, lol.

Score: 0

By PC_Tool

posted Dec 21, 2005 - 12:23 PM

ATI had to do the same for their old Catalyst drivers (not sure about the new ones)...so...Sym ain't the only one out there.

Score: 0

By fewt

posted Dec 21, 2005 - 12:58 PM

Yes, but ATI still hasn't even figured out how to write a driver.

The uninstall pales in comparison.

;-)

Score: 0

By PC_Tool

posted Dec 21, 2005 - 1:01 PM

Sadly true.

Score: 0

By fewt

posted Dec 21, 2005 - 1:14 PM

Yep, I've been waiting for MONTHS for ATI to fix a bug in their Linux driver that causes wide aspect displays to not work. IE: at 1280x800 you just get a black screen and the driver hangs. You can ssh into the system to kill it but well that doesn't do much good.

The Windows driver isn't much better, the catalyst control panel is about as bloated as it gets.

Score: 0

By mjm01010101

posted Dec 21, 2005 - 1:34 PM

It's not going to happen. History has proven ATI could care less about Linux development.

Score: 0

By fewt

posted Dec 21, 2005 - 1:39 PM

Yep, I know.

They sure put on a good show though. Nothing like convincing customers that your product is supported only to find out that it doesn't work the way they claim it does.

Score: 0

By maniakmx3

posted Dec 21, 2005 - 12:52 PM

never said they were the only "one" I said "one of the FEW" :) I know there are others...

Score: 0