Symantec Confirms AV Library Flaw, Promises Patch
the_flyswatter writes "Anti-virus vendor Symantec Corp. has publicly acknowledged that a high-risk buffer overflow vulnerability in its AntiVirus Library could lead to code execution attacks when RAR archive files are scanned.
The company confirmed the issue was a buffer overflow in the AntiVirus component used to decompose RAR (Roshal Archive) files.
'A specially crafted RAR file could potentially cause this buffer overflow to occur and execute hostile content from the RAR file,' the advisory read. The bug also affects 15 consumer products, including the widely deployed Symantec Norton AntiVirus, Symantec Norton Internet Security Professional, Norton Personal Firewall and Symantec Norton Internet Security for Macintosh."
The Microsoft solution to the Microsoft solution to the Microsoft solution to the Microsoft solution to the...
The exploit you really have to look out for is the one I send to you to get a specific bit of information off your system, which sends the info to a maildrop and then deletes itself without ever calling attention to itself.
The viruses which propagate all over the place and get their footprints into antivirus databases are jokes, really.
http://michaelsmith.id.au
Computer security is not available in click-wrapped form; it's about time that companies stopped marketing software as some cure-all for lack of user education.
I figured Peter had unfolded his arms, dressed in a dinner jacket, and gone out to celebrate having become one of the nouveau riche.
My biggest beef is not with the AV makers, but, rather, with the retail sales people who sell AV software and tell unknowledgeable buyers that their system is now protected against all malware, because superduper AV ware scans everything before you use it and ensures no malware can execute.
I try to explain to people that AV is a lot like a flu shot. It's good enough to give you some protection from the bugs we know are out there but is ineffective against the new, bad stuff coming down the pike.
"Academicians are more likely to share each other's toothbrush than each other's nomenclature."
Cohen
So according to the Symantec advisory the vulnerability is only present in version 10.x of the Corporate Edition. And there I was, thinking it was about time to upgrade from 8.1 that we're running at work ... not anymore!