|
Symantec Antivirus 10 Has Serious Vulnerability: eEye |
|
|
|
Written by Adam Gosling
|
|
Friday, 26 May 2006 |
The remotely exploitable vulnerability in Symantec Antivirus does not require any end user interaction for exploitation and can compromise affected systems, says Eye in an Upcoming Advisory.
The flaw would allow an attacker to remotely execute malicious code with System level access giving it virtually absolutely control overt he machine.
According to an Associated Press article, Symantec has responded by saying that it is investigating the issue, but could not immediately corroborate the vulnerability becuase it was news to them.
If this is true it could raise a few eYebrows in the security community. Traditionally companies are warned in private and given time to come up with a fix before a security company goes public with an announcement.
Although eEye says it has not released proof of concept or other details on the flaw and has pledged not to reveal details publicly that would help hackers develop an attack before Symantec can repair its software, it does plan to describe the problem in detail to some of its largest customers introducing the danger of details on the threat leaking out.
eEye Digital Security, the Californian company that discovered the vulnerability and provided evidence to Symantec engineers this week, has reportedly demonstrated the attack to Associated Press.
The problem affects Norton Antivirus Version 10 (including the corporate editions) but does not affect Symantec's current security suite - which includes both antivirus and firewall features, according to the AP story.
Related news items Newer news items
Older news items
|
|
|
|
