Symantec Antivirus May Execute Virus Code

Posted by Zonk on Thursday February 10, 2005 @03:35AM from the antivirus-not-so-anti dept.

An anonymous reader writes "Symantec has admitted that a serious vulnerability exists in the way its scanning engine handles Ultimate Packer for Executables. According to a ZDNet article, this means the scanner would execute the malicious program instead of catching it. Tim Hartman, senior technical director for Symantec Asia Pacific, said: "A vulnerability is not a vulnerability till somebody discovers it but because this is now known, somebody could craft an e-mail, mass mailer or a virus that takes advantage of it. It affects our firewalls, antispam, all the retail products and the enterprise products as well"" Symantec recommends you immediately patch your software.

1 of 388 comments (clear)

Min score:

Reason:

Sort:

Surprisingly honest by phorm · 2005-02-10 03:45 · Score: 5, Interesting

I'm actually quite surprised that Symantec posted the notice about this publicly, rather than simply including an update in its next online patch.
br Definately a bad vulnerability, but kudos for being honest about it. I wonder though how liable they are to damages... not good when antivirus software actually ends up trigging the infection.