[ news_security_news ]
High Risk Vulnerability Discovered In Symantec Products
Chris Crum
Staff Writer
2005-12-21
 Security News RSS Feed
Symantec said Tuesday that a high risk vulnerability exists across a wide range of its products for both Windows and Mac machines.
The flaw can potentially allow hackers to take control over vulnerable systems. ZDNet UK explains:
The vulnerability is within Symantec AntiVirus Library, which provides file format support for virus analysis. "During decompression of RAR files, Symantec is vulnerable to multiple heap overflows allowing attackers complete control of the system(s) being protected," said security consultant Alex Wheeler, who first discovered the flaw. "These vulnerabilities can be exploited remotely, without user interaction, in default configurations through common protocols such as SMTP."
RAR is a native format for WinRAR, which is used to compress and decompress data. So far the vulnerability has been reported in Dec2Rar.dll version 3.2.14.3 and, according to Wheeler, potentially affects all Symantec products that use the DLL. The full list of products affected can be seen here.
So far, A patch has not been issued by Symantec.
About the Author:
Chris Crum is a staff writer for SecurityProNews and WebProNews.
More news_security_news Articles
Security News RSS Feed
|
|
