Feeds

Symantec and Trend grapple with buffer overflow bugs

Who guards the guards?

Secure remote control for conventional and virtual desktops

Security products from both Trend Micro and Symantec - two of the big three anti-virus players - have become the subject of serious security vulnerabilities.

Errors in Symantec's Decomposer engine create a denial of service or system compromise risk for several enterprise security products (such as Mail Security for Microsoft Exchange and AntiVirus for Network Attached Storage).

Vulnerabilities triggered when processing malformed RAR archive files might be used to inject malware onto vulnerable systems (in the most serious case) or crash servers.

Security researchers at iDefense discovered the flaws. Symantec published an advisory on Tuesday explaining how sys admins can update their software.

Decomposer components decompress or unpack files. The components have been something of a weak spot in Symantec products of late. As well as being the root cause of the latest security bugs, troubles in updating Decomposer files were behind an error-generating bug that caused all sorts of grief for corporate sys admins earlier this month.

Separately, independent security researchers have discovered buffer overflow bugs in OfficeScan and Policy Server software packages from Trend Micro. Sys admins are advised to restrict network access to the services pending the availability of patches. ®

Beginner's guide to SSL certificates

More from The Register

next story
You really need to do some tech support for Aunty Agnes
Free anti-virus software, expires, stops updating and p0wns the world
Regin: The super-spyware the security industry has been silent about
NSA fingered as likely source of complex malware family
You stupid BRICK! PCs running Avast AV can't handle Windows fixes
Fix issued, fingers pointed, forums in flames
Privacy bods offer GOV SPY VICTIMS a FREE SPYWARE SNIFFER
Looks for gov malware that evades most antivirus
Patch NOW! Microsoft slings emergency bug fix at Windows admins
Vulnerability promotes lusers to domain overlords ... oops
HACKERS can DELETE SURVEILLANCE DVRS remotely – report
Hikvision devices wide open to hacking, claim securobods
prev story

Whitepapers

Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
Designing and building an open ITOA architecture
Learn about a new IT data taxonomy defined by the four data sources of IT visibility: wire, machine, agent, and synthetic data sets.
5 critical considerations for enterprise cloud backup
Key considerations when evaluating cloud backup solutions to ensure adequate protection security and availability of enterprise data.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?