Symantec anti-virus flaw hits 30 products
Updates issued for critical bug, calamity averted
A cross-platform flaw affecting many Symantec security products - both consumer and enterprise - has been discovered. Users of Symantec's Norton SystemWorks 2004, Norton SystemWorks 2004 (both Mac and Windows), Norton AntiVirus 2004, corporate anti-virus apps and Brightmail anti-spam software (among others) all need to apply patches following the discovery of the "highly critical" security bug. In all 30 packages are affected.
The vulnerability stems from a flaw in an antivirus scanning component (called the DEC2EXE parsing engine) involving the processing of UPX compressed files. Maliciously constructed UPX files could be created to cause a heap-based buffer overflow. This in turn makes it possible for malicious hackers to inject hostile code onto vulnerable systems, allowing them to be taken over by attackers.
Symantec said the vulnerable EC2EXE engine is no longer required to parse compressed files. It had already planned to dispense with the component across its product range and the discovery of vulnerability by security tools vendor ISS has simply brought forward this process. Update details are here. ISS's alert is here. ®