Symantec AntiVirus Hole Found

Hotwater Mountain writes "eWeek has a story about a gaping security flaw in the latest versions of Symantec's anti-virus software suite that could put millions of users at risk of a debilitating worm attack. According to eEye Digital Security, the company that discovered the flaw, the vulnerability could be exploited by remote hackers to take complete control of the target machine 'without any user action.'"

Re:Details?

[neil.orourke]

http://www.smh.com.au/ had a writeup about this which said that Norton Internet Security guarded against this flaw in Norton AntiVirus. Go figure on the implications of that.

Consumer versions not affected

Coverage on http://www.cnn.com/2006/TECH/internet/05/25/antivi rus.flaw.ap/index.html CNN notes that it appears only the corporate version is affected.

"eEye said it appeared consumer versions of Symantec's Norton Antivirus software -- sold at retail outlets around the country -- were not vulnerable to the flaw, though consumers who are provided Symantec's corporate edition antivirus software by their employers for use at home may be affected."

Re:Throw me a friggin bone!

[skiflyer]

I didn't read this link, but I read it on CNN, and to answer your first two questions no... they very specifically said the real concern here is that a user can be attacked without doing anything.

As far as #3, the hows were unaddressed.

#4, it seems that at least several firewall packages block it just fine... but there was no discussion as to whether or not it was something special about the packages mentioned, or if it's just blocking some specific port that makes you safe.

eEye close to MS?

[fv]

I don't know why you think eEye has such close ties to MS. They have been embarrassing and exploiting the hell out of MS for years. They drive MS crazy by releasing powerful exploit code and giving conference presentations such as "Remote Windows Kernel Exploitation" (BlackHat 2005). I like these guys a lot :).

-Fyodor (Insecure.Org)