Serious flaw in Symantec Antivirus Library

[Spike]

http://www.eweek.com/article2/0,1895,1903971,00.asp...

Wheeler recommends that users disable the scanning of RAR compressed files, including RAR self-extracting files.

Affected products include Symantec AntiVirus Corporate Edition 8.0, Symantec AntiVirus Corporate Edition, Symantec AntiVirus for Caching, Symantec AntiVirus for Microsoft Office, Symantec AntiVirus Scan Engine and Symantec BrightMail AntiSpam.

...Basically, it seems that this article is saying that by sending you an email with a specially created RAR attachment, they would be able to comprimise and gain complete control of a computer with default settings without the user even opening the attachement - or even if the user chooses not to even read the email!

Bad. Very bad.

Crossposted by myself from News and Interesting links

 

[Tedster]

Norton has already patched this flaw a while ago.

 

[Spike]

Apologies if that is the case, but the article presents the impression that this is a new rar file related bug.

edit - according the the inquirer, symantec have not released a patch for this one yet... http://www.theinquirer.net/?article=28496

 

[DelJo63]

it's primarily an Enterprise Edition issue

 

[Tedster]

hmmm..... looks like this is a second a newer flaw.... keep us posted....

 

[Spike]

Here's the symantec advisory - it mentions no patch just as yet, but symantec have produced an antivirus definition update to try to detect exploits of this vulnerability, and so an update of your definitions is advised if you havn't done so already (or better still, if you're using the consumer/home products, ditch them completely and get something else lol)...

http://securityresponse.symantec.com/avcenter/security/Content/2005.12.21b.html

It does however contain a complete list of affected and disaffected products, and advice on how to stay protected untill a patch is released. Symantec state that they no reports of exploits of this vulnerability at this time have been made to them.

Should you wish to search symantec for news on this vulnerability (none as yet), its reference is SYM05-027.

While symantec has more enterprise products affected by this vulnerability, I suspect this is largely due to symantec having more enterprise products overall. The consumer products affected for Windows machines are...

Norton AntiVirus - 2004, 2005, 2006
Norton Internet Security Professional - 2004, 2005, 2006
Norton SystemWorks - 2004, 2005, 2006
Norton Personal Firewall - 2004, 2005, 2006
Symantec AntiVirus for Handhelds (?*) - All

* I don't acctually know if this product is used with windows or not.

Clearly then, this is far more than primarily an enterprise issue.