Slashdot Mirror


Symantec Confirms AV Library Flaw, Promises Patch

the_flyswatter writes "Anti-virus vendor Symantec Corp. has publicly acknowledged that a high-risk buffer overflow vulnerability in its AntiVirus Library could lead to code execution attacks when RAR archive files are scanned. The company confirmed the issue was a buffer overflow in the AntiVirus component used to decompose RAR (Roshal Archive) files. 'A specially crafted RAR file could potentially cause this buffer overflow to occur and execute hostile content from the RAR file,' the advisory read. The bug also affects 15 consumer products, including the widely deployed Symantec Norton AntiVirus, Symantec Norton Internet Security Professional, Norton Personal Firewall and Symantec Norton Internet Security for Macintosh."

6 of 133 comments

  1. You know what this means - by mtrisk · · Score: 4, Funny

    Installing Symantec on your Mac makes it LESS secure than it was before.

    How ironic...

    --

    Without a proper flamewar, Anonymous was undecided on what shell to run.
    1. Re:You know what this means - by moro_666 · · Score: 3, Funny

      It's also pretty ironic that if you didn't have Symantec installed, you'd be safe from the virus in the RAR archives.

      Getting your machine infected because you have an antivirus installed is definitely a new thing, way to go Symantec :)

      P.S. Why is there no (or where is it?) open-source antivirus software for Windows? Sure, it would be heavy work to keep it up with all the viruses, but with some support from some foundations it would be a good thing.

      Next thing coming along will be DRM software that prevents DRM from protecting the content.... Sony's turn ....

      --

      I'd tell you the chances of this story being a dupe, but you wouldn't like it.
    2. Re:You know what this means - by Scarblac · · Score: 4, Funny

      Actually, anti-virus software is nothing but snake oil and a money grab these days.

      Why?

      Once you get pwned, your system has been compromised. It's time for vetting any data, a thorough purge and reinstall.

      Gee, that sounds serious, and these viruses don't tell you that they've just installed themselves. What someone should make then is some sort of software that scans your system for viruses and warns you if your system has been compromised...

      --
      I believe posters are recognized by their sig. So I made one.
  2. Wait wait wait... by Spazholio · · Score: 4, Funny

    Fuck this "buffer overflow" crap. You mean to tell me RAR actually stands for something?

  3. Re:Inherent problems with AV software by wombatmobile · · Score: 3, Funny

    And the part about "Formatting Windows" only makes it sound like you're incompetent.

    Give me a break, please. I just swapped over from CP/M.

  4. Re:Deep Freeze by Cecil · · Score: 2, Funny

    Oh. So you're to blame for all the spam I get. Thanks, asshole.

    Running a virus for 24 hours really sucks anyway. Also, I hope you never run into one that flashes your BIOS.