Serious Flaw Hits Symantec AntiVirus
By Ed Oswald, BetaNews
May 26, 2006, 12:49 PM
Security research firm eEye warned Thursday that a high-risk vulnerability exists within Symantec's Norton AntiVirus 10.x that could allow for code execution. According to an advisory posted on eEye's Web site, the flaw does not require any user interaction to be exploited.
Especially troubling is the fact that that after the vulnerability is exploited, a hacker gains access to a command shell. This means that the attacker would be able to perform just about any action, and opens up the possibility of a worm automatically infecting systems.
The problem potentially affects millions of Symantec users, according to researchers. Over 200 million systems use Symantec's antivirus software.
Symantec is currently investigating eEye's claims but had nothing further to add at press time. It noted, however, that the company was prepared to offer a quick response and fix if necessary.
While proof-of-concept code is not publicly available at this time, it could be only a matter of time before hackers figure out ways to exploit the vulnerability. It is also possible they are doing so already, and security researchers aren't yet aware of it.
The Cupertino, Calif., based security software maker has been criticized for such issues and other missteps over the years. Recently, several problems have surfaced, including flaws in the company's Scan Engine product, as well as a critical flaw in the way it scans RAR files.
Additionally, Symantec has been caught using a rootkit-like feature in its products, and has suffered financial setbacks from a $1 billion tax bill owed by Veritas, which was bought by Symantec in 2004.