Stan Beer
Saturday, 27 May 2006 08:32
Symantec has acknowledged the vulnerability in its Symantec Client Security and Symantec AntiVirus Corporate Edition (note: Norton Antivirus is not affected as previously reported) as a high impact risk and has issued a range of intrusion detection signatures (IDS) and intrusion prevention signatures as an interim fix for users.
Researchers at intrusion prevention software company eEye Digital Security brought the vulnerability to the attention of Symantec and the world yesterday. Symantec has since confirmed the vulnerability as genuine and as affecting its Symantec Client Security 3.1 and AntiVirus Corporate Edition 10.1 products.
"Symantec was notified that Symantec Client Security and Symantec AntiVirus Corporate Edition are susceptible to a potential stack overflow. Exploiting this overflow successfully could potentially cause a system crash, or allow a remote or local attacker to execute arbitrary code with System level rights on the affected system," a Symantec statement says.
"Symantec would like to thank eEye Digital Security for reporting this issue, and working with us on the resolution."
Symantec has released a range of IDS signatures, available to customers via its LiveUpdate service, to detect attempts to exploit the flaw. It has also released a range of IPS signatures via LiveUpdate, saying:
"As a mitigation strategy, Symantec Security Response has also made available IPS signatures for Symantec Client Security to protect against exploits of the described vulnerability. Symantec recommends customers immediately apply the latest Security Update to protect against potential related attacks."