• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

Symantec Warns Of Flaw In Antivirus Program

#1
24.05.2004 14:44:16


Symantec Corp. is warning its customers about a security vulnerability within its antivirus application. The Internet security vendor ranks the flaw as "medium," while security research group Secunia pegged the flaw as "moderately critical."

The flaw, which resides within Symantec's Norton AntiVirus 2004 application, could let attackers run code of their choice on a user's system, launch unauthorized pop-ups, or even create a denial-of-service condition to freeze Symantec's antivirus application. Virus and worm writers are increasingly attempting to disable antivirus and personal firewall security applications, so a flaw such as this would be a prime target for virus writers seeking to disable a user's defenses.

The flaw resides within the way an ActiveX control within Norton AntiVirus fails to properly verify or validate information sent to it. Symantec recommends that all Norton AntiVirus users run the LiveUpdate feature to fix the ActiveX control security vulnerability.

According to Symantec's report, issued late Thursday, hackers attempting to launch malicious applications on a user's system would have to use malware already installed in the system and know the location of the application before being able to launch. The most likely scenario for this type of attack would be hackers luring users to download some type of malicious application from a Web site or to download an E-mail attachment.

It's the second time this month that Symantec users have been advised to patch their security applications. On May 12, Symantec posted a security advisory and a handful of patches to fix several flaws within its consumer and corporate security software. Those flaws affected the consumer versions of Norton AntiSpam, Norton Internet Security and Professional, as well as Norton Personal Firewall for the years 2002 through 2004. Security holes within Symantec's corporate security software, Symantec Client Firewall 5.01 and 5.1.1 and Symantec Client Security 1.0, 1.1, and 2.0 also were disclosed.


http://www.securitypipeline.com
 

Members online

No members online now.

Latest posts

Latest profile posts

Hello, is there anybody in there? Just nod if you can hear me ...
Xie
What a long strange trip it's been. =)

Forum statistics

Threads
61,961
Messages
673,239
Members
89,014
Latest member
sanoravies