Symantec Warns Of Flaw In Antivirus Program

wadada

OSNN Senior Addict
Joined
5 Nov 2002
Messages
707
24.05.2004 14:44:16


Symantec Corp. is warning its customers about a security vulnerability within its antivirus application. The Internet security vendor ranks the flaw as "medium," while security research group Secunia pegged the flaw as "moderately critical."

The flaw, which resides within Symantec's Norton AntiVirus 2004 application, could let attackers run code of their choice on a user's system, launch unauthorized pop-ups, or even create a denial-of-service condition to freeze Symantec's antivirus application. Virus and worm writers are increasingly attempting to disable antivirus and personal firewall security applications, so a flaw such as this would be a prime target for virus writers seeking to disable a user's defenses.

The flaw resides within the way an ActiveX control within Norton AntiVirus fails to properly verify or validate information sent to it. Symantec recommends that all Norton AntiVirus users run the LiveUpdate feature to fix the ActiveX control security vulnerability.

According to Symantec's report, issued late Thursday, hackers attempting to launch malicious applications on a user's system would have to use malware already installed in the system and know the location of the application before being able to launch. The most likely scenario for this type of attack would be hackers luring users to download some type of malicious application from a Web site or to download an E-mail attachment.

It's the second time this month that Symantec users have been advised to patch their security applications. On May 12, Symantec posted a security advisory and a handful of patches to fix several flaws within its consumer and corporate security software. Those flaws affected the consumer versions of Norton AntiSpam, Norton Internet Security and Professional, as well as Norton Personal Firewall for the years 2002 through 2004. Security holes within Symantec's corporate security software, Symantec Client Firewall 5.01 and 5.1.1 and Symantec Client Security 1.0, 1.1, and 2.0 also were disclosed.


http://www.securitypipeline.com
 

Members online

No members online now.

Latest profile posts

Also Hi EP and people. I found this place again while looking through a oooollllllldddd backup. I have filled over 10TB and was looking at my collection of antiques. Any bids on the 500Mhz Win 95 fix?
Any of the SP crew still out there?
Xie wrote on Electronic Punk's profile.
Impressed you have kept this alive this long EP! So many sites have come and gone. :(

Just did some crude math and I apparently joined almost 18yrs ago, how is that possible???
hello peeps... is been some time since i last came here.
Electronic Punk wrote on Sazar's profile.
Rest in peace my friend, been trying to find you and finally did in the worst way imaginable.

Forum statistics

Threads
62,015
Messages
673,494
Members
5,621
Latest member
naeemsafi
Back