Serious flaw in Symantec Antivirus Library

By Spike ยท 5 replies
Dec 22, 2005

    ...Basically, it seems that this article is saying that by sending you an email with a specially created RAR attachment, they would be able to comprimise and gain complete control of a computer with default settings without the user even opening the attachement - or even if the user chooses not to even read the email!

    Bad. Very bad.

    Crossposted by myself from News and Interesting links
  2. Tedster

    Tedster Techspot old timer..... Posts: 6,002   +15

    Norton has already patched this flaw a while ago.
  3. Spike

    Spike TS Evangelist Topic Starter Posts: 2,168

    Apologies if that is the case, but the article presents the impression that this is a new rar file related bug.

    edit - according the the inquirer, symantec have not released a patch for this one yet...
  4. jobeard

    jobeard TS Ambassador Posts: 11,128   +982

    it's primarily an Enterprise Edition issue
  5. Tedster

    Tedster Techspot old timer..... Posts: 6,002   +15

    hmmm..... looks like this is a second a newer flaw.... keep us posted....
  6. Spike

    Spike TS Evangelist Topic Starter Posts: 2,168

    Here's the symantec advisory - it mentions no patch just as yet, but symantec have produced an antivirus definition update to try to detect exploits of this vulnerability, and so an update of your definitions is advised if you havn't done so already (or better still, if you're using the consumer/home products, ditch them completely and get something else lol)...

    It does however contain a complete list of affected and disaffected products, and advice on how to stay protected untill a patch is released. Symantec state that they no reports of exploits of this vulnerability at this time have been made to them.

    Should you wish to search symantec for news on this vulnerability (none as yet), its reference is SYM05-027.

    While symantec has more enterprise products affected by this vulnerability, I suspect this is largely due to symantec having more enterprise products overall. The consumer products affected for Windows machines are...

    Norton AntiVirus - 2004, 2005, 2006
    Norton Internet Security Professional - 2004, 2005, 2006
    Norton SystemWorks - 2004, 2005, 2006
    Norton Personal Firewall - 2004, 2005, 2006
    Symantec AntiVirus for Handhelds (?*) - All

    * I don't acctually know if this product is used with windows or not.

    Clearly then, this is far more than primarily an enterprise issue.
Topic Status:
Not open for further replies.

Similar Topics

Add your comment to this article

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...