Serious Symantec Antivirus Vulnerability



A few things to catch up on this afternoon, but first up is a serious vulnerability in Symantec Antivirus. (It’s always serious when security software has a vulnerability.) Security Fix is reporting that a vulnerability has been discovered in the way Symantec handles RAR archive files. A specially crafted RAR archive could cause a virus or worm hidden inside it to run. It could be exploited remotely: as Symantec scans files and attachments in email, the specially crafted RAR file could make Symantec run the enclosed bug.


Alex Wheeler, a security researcher who recently left Internet Security Systems, said there is a problem in the way that Symantec’s software unwraps RAR files, a form of file compression similar to ZIP files. Wheeler found that a virus or worm hidden inside a specially crafted RAR file could be made to run on the user’s machine and allow attackers to take complete control over computers running the program.

Here’s a list of affected products…

According to the Symantec advisory, this problem affects Symantec Antivirus Corporate Edition, Symantec Brightmail Anti-Spam, Symantec Client Security, Symantec Gateway Security, Norton Antivirus (for Windows and Mac), Norton Antivirus for MS Exchange, and Norton Internet Security.

There is currently no fix. The only workaround suggested by Symantec is disabling the scanning of RAR files. There’s a good walkthrough of disabling this for home users at The PC Doctor.

Here’s a summary of the vulnerability at SecurityFocus. Currently many bugs use RAR archives to travel in, including the current Dasher worm.

Keep an eye out for updates.

–update 12/21/05–

According to the SANS Institute, it looks as though Symantec has released a definition update that detects the malformed RAR files, as a possible workaround until they get a true fix together. The pattern is titled Bloodhound.Exploit.55.

–update 12/22/05–

Still no real fix, just the heuristic detection mentioned in the last update, but according to this article, 63 products are affected.
