Critical Flaw Affects Symantec AntiVirus

By Ed Oswald | Published December 21, 2005, 11:58 AM

A flaw within Symantec AntiVirus could open users' computers to the execution of arbitrary code when a specially crafted RAR file is scanned, independent security researcher Alex Wheeler said in an advisory on his Web site Tuesday.

Wheeler's work centers on finding remotely triggerable stack, heap and buffer overflows, mainly in antivirus products. In this case, the problem is that 16-bit length fields in RAR sub-block header types are used without being validated: a crafted archive can declare a sub-block length that bears no relation to the data actually present, and the scanner's decompression code trusts the value when it copies the block.

Because the scanner parses archives automatically, the flaw lets an attacker take complete control of the affected computer with no user interaction in the antivirus software's default configuration. Wheeler said the vulnerability could be exploited over common Internet protocols such as SMTP, that is, through any channel the scanner inspects, including e-mail attachments.
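The unchecked-length pattern Wheeler describes, as an added illustration that is not code from Symantec's engine or from Wheeler's advisory: a simplified RAR-style block parser that first trusts the 16-bit HEAD_SIZE field the way a vulnerable scanner would, then the hardened form that bounds the field against both the input actually present and the destination buffer before any copy. The 7-byte header layout (CRC, type, flags, 16-bit size) follows the RAR block header; the sub-block type code, the 64-byte scratch buffer, the sample byte strings and the function names are assumptions made for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/*
 * Simplified RAR-style block header, little-endian, 7 fixed bytes:
 *   HEAD_CRC(2) HEAD_TYPE(1) HEAD_FLAGS(2) HEAD_SIZE(2)
 * HEAD_SIZE is the 16-bit length of the whole block, header included.
 * (The real format also carries an optional 32-bit ADD_SIZE; omitted here.)
 */
#define HDR_FIXED     7
#define SUBBLOCK_TYPE 0x77   /* assumed sub-block type code; other types are ignored */
#define MAX_SUB       64     /* assumed fixed scratch buffer a naive scanner might use */

struct rar_hdr {
    uint16_t crc;
    uint8_t  type;
    uint16_t flags;
    uint16_t size;
};

static uint16_t le16(const uint8_t *p)
{
    return (uint16_t)(p[0] | (p[1] << 8));
}

/* Decode the fixed header; fails only if fewer than 7 bytes are available. */
static int parse_hdr(const uint8_t *buf, size_t len, struct rar_hdr *h)
{
    if (len < HDR_FIXED)
        return -1;
    h->crc   = le16(buf);
    h->type  = buf[2];
    h->flags = le16(buf + 3);
    h->size  = le16(buf + 5);
    return 0;
}

/*
 * Vulnerable pattern: HEAD_SIZE is taken at face value. Returns the length
 * the scanner would pass to memcpy() when copying the sub-block body into a
 * MAX_SUB-byte buffer. The copy itself is deliberately not performed here,
 * because with a crafted header that copy is the overflow.
 */
size_t subblock_copy_len_unchecked(const uint8_t *buf, size_t len)
{
    struct rar_hdr h;
    if (parse_hdr(buf, len, &h) != 0 || h.type != SUBBLOCK_TYPE)
        return 0;
    /* Two failure modes: HEAD_SIZE far larger than the buffer or the input,
     * and HEAD_SIZE below 7, which wraps to a value near SIZE_MAX. */
    return (size_t)h.size - HDR_FIXED;
}

/*
 * Hardened version: every use of the 16-bit field is bounded against both
 * the input actually present and the destination before it drives a copy.
 * Returns 0 on success and a distinct negative code per rejected condition.
 */
int subblock_extract_checked(const uint8_t *buf, size_t len,
                             uint8_t out[MAX_SUB], size_t *out_len)
{
    struct rar_hdr h;
    if (parse_hdr(buf, len, &h) != 0)
        return -1;                        /* truncated header */
    if (h.type != SUBBLOCK_TYPE)
        return -2;                        /* not a sub-block */
    if (h.size < HDR_FIXED)
        return -3;                        /* size - 7 would underflow */
    if (h.size > len)
        return -4;                        /* claims more than the input holds */
    size_t body = (size_t)h.size - HDR_FIXED;
    if (body > MAX_SUB)
        return -5;                        /* would overflow the scratch buffer */
    memcpy(out, buf + HDR_FIXED, body);
    *out_len = body;
    return 0;
}

/* Constructed sample blocks (not real archives): one benign sub-block, two crafted headers. */
const uint8_t SUB_OK[]    = {0x34,0x12, 0x77, 0x00,0x00, 0x0B,0x00, 'D','A','T','A'}; /* size 11 */
const uint8_t SUB_HUGE[]  = {0x34,0x12, 0x77, 0x00,0x00, 0xFF,0xFF, 'D','A','T','A'}; /* size 65535 */
const uint8_t SUB_UNDER[] = {0x34,0x12, 0x77, 0x00,0x00, 0x03,0x00, 'D','A','T','A'}; /* size 3 */

int main(void)
{
    uint8_t out[MAX_SUB];
    size_t n = 0;
    printf("unchecked copy length, benign: %zu\n", subblock_copy_len_unchecked(SUB_OK, sizeof SUB_OK));
    printf("unchecked copy length, huge:   %zu\n", subblock_copy_len_unchecked(SUB_HUGE, sizeof SUB_HUGE));
    printf("unchecked copy length, under:  %zu\n", subblock_copy_len_unchecked(SUB_UNDER, sizeof SUB_UNDER));
    printf("checked benign: %d (body %zu bytes)\n", subblock_extract_checked(SUB_OK, sizeof SUB_OK, out, &n), n);
    printf("checked huge:   %d\n", subblock_extract_checked(SUB_HUGE, sizeof SUB_HUGE, out, &n));
    printf("checked under:  %d\n", subblock_extract_checked(SUB_UNDER, sizeof SUB_UNDER, out, &n));
    return 0;
}
```

The benign block yields a 4-byte body either way. The crafted 0xFFFF header makes the unchecked path ask for 65,528 bytes into a 64-byte buffer, and a header whose size is smaller than the header itself wraps the subtraction to a value near SIZE_MAX; the checked path rejects both before any memory is touched, and does so with the input length rather than the header's claim as the authority.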

"Successful exploitation of Symantec protected systems allows attackers unauthorized control of data and related privileges," he wrote in the advisory. "It also provides leverage for further network compromise."

Attackers are increasingly using RAR files to get past antivirus software. Until recently, many scanners did not look inside compressed archives, but as malware authors began using archives to carry their payloads, scanners have had to unpack them.

The feature meant to close that gap, however, introduces a new exposure: every archive format a scanner unpacks is another parser that processes attacker-supplied input, usually with the scanner's own privileges, so a bug in that parser is reachable by anyone who can get a file in front of the product.

Until a fix is available, Wheeler recommends that Symantec users disable RAR scanning and exercise caution with any RAR file they download.

Wheeler has labeled the flaw as "high risk." Secunia, a Danish security firm, labeled the vulnerability "highly critical" in an advisory issued Tuesday.

Affected software includes Symantec AntiVirus Corporate Edition 8 through 10, Symantec Norton AntiVirus, and Symantec Mail Security, among other products.

Comments


You people need to have actually used the product before bashing it!

Apparently no one here has used version 2006. I used it recently just because some expert thought that 2006 "finally got it right". I wanted to prove him wrong. Symantec will never get it right.

Version 2006 proved me wrong. It blew me away. It wouldn't even crash for me, even when I tried installing other AV programs. My jaw dropped. I hated Symantec products, their AV had more problems than viruses do...but Antivirus 2006 changed completely.

So guys please get a life doing things other than bashing a product you don't use. I'll remember never to bash AOL 10.0 until I use it and it's crappy. I can't imagine 9.0 to 10.0 could be so much opposite and impress me--but I'll hold the criticism until I at least give it a chance.

Score: 0

There there. [pats head]

Score: 0

Luckily I've switched to Avast. And if you really want to use a paid-for antivirus program, then just use McAfee.

Score: 0

Symantec? I mean really - what a POS company we're talking about. [tuts]

Score: 0

Well, we never use this crappy software.

Use F-Secure!

Score: 0

Avast is a far superior alternative, and it's free for home users.

Score: 0

USE OR BUY AVG

Score: 0

Well, I have to say I use Symantec Corp 10 and even with these flaws found it hasn't affected me. I am also smart enough not to download mysterious .rar files. I have used McAfee but the system resources kill my PC.

Score: 0

Wow.

Symantec finds and removes backdoors....but will it find and remove itself?

Never been more glad I use NOD32.

Score: 0

A problem with a Symantec product? And this is new? ....I coulda swore Symantec WAS a virus lol

I mean c'mon now, Symantec is one of the FEW companies out there that has to create a REMOVAL tool to remove its own software because the uninstall feature NEVER works! rnav2003.exe symnrt.exe symclean.exe it's some funny stuff....

Score: 0

ATI had to do the same for their old Catalyst drivers (not sure about the new ones)...so...Sym ain't the only one out there.

Score: 0

Never said they were the only "one"; I said "one of the FEW" :) I know there are others...

Score: 0

Yes, but ATI still hasn't even figured out how to write a driver.

The uninstall pales in comparison.

;-)

Score: 0

Sadly true.

Score: 0

Yeah, apparently the Windows Installer code is so very difficult to keep track of, lol.

Score: 0

Yep, I've been waiting for MONTHS for ATI to fix a bug in their Linux driver that causes wide aspect displays to not work. I.e., at 1280x800 you just get a black screen and the driver hangs. You can s***o the system to kill it but well, that doesn't do much good.

The Windows driver isn't much better, the catalyst control panel is about as bloated as it gets.

Score: 0

It's not going to happen. History has proven ATI could care less about Linux development.

Score: 0

Yep, I know.

They sure put on a good show though. Nothing like convincing customers that your product is supported, only to find out that it doesn't work the way they claim it does.

Score: 0
