«
»

Serious Symantec Antivirus Vulnerability



A few things to catch up on this afternoon, but first up is a Serious vulnerability in Symantec Antivirus. (It’s always serious when security software has a vulnerability.) The securityfix is reporting that a vulnerability has been discovered in the way Symantec deals with rar archived files. A specially made rar archive could make a hidden virus or worm in the archive run. It could be exploited remotely, in other words, as Symantec scans the file/attachments in email, the specially crafted rar file could make Symantec run the enclosed bug.


Alex Wheeler, a security researcher who recently left Internet Security Systems’ said there is a problem in the way that Symantec’s software unwraps RAR files, a form of file compression similar to ZIP files. Wheeler found that a virus or worm hidden inside a specially crafted RAR file could be made to run on the user’s machine and allow attackers to take complete control over computers running the program.

Here’s a list of affected products…

According to the Symantec advisory, this problem affects Symantec Antivirus Corporate Edition, Symantec Brightmail Anti-Spam, Symantec Client Security, Symantec Gateway Security, Norton Antivirus (for Windows and Mac), Norton Antivirus for MS Exchange, and Norton Internet Security.

There is currently no fix, the only workaround suggested by symantec is disabling the scanning of rar files. There’s a good walkthrough of disabling this for home users at The PC Doctor.

Here’s a summary of the vulnerability at securityfocus. Currently many bugs use rar archives to travel in, including the current dasher worm.

Keep an eye out for updates.

–update 12/21/05–

According to the SANS institute it looks as though symantec has released a definition update that detects the malformed Rar’s as a possible workaround until they get a true fix together. The pattern is titled Bloodhound.Exploit.55

–update 12/22/05–

Still no real fix, just the hueristic detection mentioned in the last update, but according to this article, 63 products are affected.

Popularity: 1% [?]

PDF Printer    Send article as PDF   
Blog Traffic Exchange Related Posts
  • Pretty, shiny usb drive is all it takes to compromise security.... Sometimes you just want to cry... This writeup is an example of the "soft underbelly" of every network's security plan... the users. Basically, you have a group that was hired to do a computer security audit of a credit union. They were told that some of the main concerns were......
  • Google tightens Google Desktop security to avoid IE bug Last week there was word of a bug in Internet Explorer that would allow users of Google Desktop to be vulnerable to having the files on their machine viewed from a malicious website. Today, there is news that Google has made changes on thier site that prevent that flaw from......
  • Big Windows June update day Updates for Windows for the month of June are out today and it looks like some list! 12 updates covering 20 or more vulnerabilities. MANY of these are tagged as critical. (Critical vulnerabilities are considered remotely exploited or with little (or no) user interaction.) Sans has a good listing of......
Blog Traffic Exchange Related Websites
  • Creating a Blog Video Online About two years ago, blogging hit a surge that allowed its way into the mainstream, and now everybody is blogging for a wide variety of different reasons. Blogs resemble web-based public diaries of sorts, where the creator can record their thoughts, their opinions, questions and answers and essentially anything else......
  • World Wide Web Security Essentials Is Not A Real Spyware Remover. It Resembles The Functions And Looks World wide web Security Essentials is not a real spyware remover. It resembles the functions and looks of genuine spyware removal software but has no capacity to eliminate any virus, trojan or malware. Web Security Essentials is the newest addition to the growing list of rogue Antivirus programs. Internet Security......
  • Microsoft Security Bulletin MS10-046 - Critical Microsoft Security Bulletin MS10-046 - Critical Vulnerability in Windows Shell Could Allow Remote Code Execution (2286198) Published: August 02, 2010 | Updated: August 03, 2010 Version: 1.1 General Information Executive Summary This security update resolves a publicly disclosed vulnerability in Windows Shell. The vulnerability could allow remote code execution if the icon......

Similar Posts


This entry was posted on Tuesday, December 20th, 2005 at 5:34 pm and is filed under Computers, Security, Software, Windows. You can follow any responses to this entry through the RSS 2.0 feed. Responses are currently closed, but you can trackback from your own site.

See what happened this day in history from either BBC Wikipedia
Search:
Keywords:
Amazon Logo

Comments are closed.

Switch to our mobile site