Researchers at intrusion prevention software company eEye Digital
Security brought the vulnerability to the attention of Symantec and the
world yesterday. Symantec has since confirmed the vulnerability as
genuine and affecting its Symantec Client Security 3.1 and Antivirus
Corporate Edition 10.1 products.
"Symantec was notified that Symantec Client Security and Symantec AntiVirus Corporate Edition are susceptible to a potential stack overflow. Exploiting this overflow successfully could potentially cause a system crash, or allow a remote or local attacker to execute arbitrary code with System level rights on the affected system," a Symantec statement says.
"Symantec would like to thank eEye Digital Security for reporting this issue, and working with us on the resolution."
Symantec has released a range of IDS to signatures, available to customers via its LiveUpdate service, to detect attempts to exploit the flaw. It has also released a range of IPS signatures via LiveUpdate saying:
"As a mitigation strategy, Symantec Security Response has also made available IPS signatures for Symantec Client Security to protect against exploits of the described vulnerability. Symantec recommends customers immediately apply the latest Security Update to protect against potential related attacks."