'High' risk in Symantec antivirus software flaw

Summary:Symantec's antivirus software contains a vulnerability that could be exploited by a malicious hacker to take control of a system, the company said late on Tuesday.According to Symantec, the bug, which affects a range of the company's security products, is a "high" risk.

Symantec's antivirus software contains a vulnerability that could be exploited by a malicious hacker to take control of a system, the company said late on Tuesday.

According to Symantec, the bug, which affects a range of the company's security products, is a "high" risk. Denmark security company Secunia has labelled it "highly critical."

According to an advisory issued by Secunia, the bug affects most of Symantec's products, including enterprise and home user versions of Symantec AntiVirus, Symantec Norton AntiVirus and Symantec Norton Internet Security, across the Windows and Macintosh platforms.

The vulnerability is within Symantec AntiVirus Library, which provides file format support for virus analysis. "During decompression of RAR files, Symantec is vulnerable to multiple heap overflows allowing attackers complete control of the system(s) being protected," said security consultant Alex Wheeler, who first discovered the flaw. "These vulnerabilities can be exploited remotely, without user interaction, in default configurations through common protocols such as SMTP."

RAR is a native format for WinRAR, which is used to compress and decompress data. So far, the vulnerability has been reported in Dec2Rar.dll version 3.2.14.3 and, according to Wheeler, potentially affects all Symantec products that use the DLL. The full list of products affected can be seen here.

Symantec has not yet released a patch to address this problem. In the meantime, Wheeler recommends that users "disable scanning of RAR-compressed files until the vulnerable code is fixed."

This is not the first vulnerability Wheeler has discovered. In October, he highlighted a similar flaw in Kaspersky Lab's antivirus software, which was later acknowledged by the company. Again, it was a heap overflow vulnerability.

In February, he found a different heap overflow vulnerability in Symantec's antivirus software.

ZDNet UK's Colin Barker reported from London. For more coverage from ZDNet UK, click here.

Topics: Symantec, Security

About

Colin has been a computer journalist for some 30 years having started in the business the same year that the IBM PC was launched, although the first piece he wrote was about computer audit. He was at one time editor of Computing magazine in London and prior to that held a number of editing jobs, including time spent at the late DEC Compu... Full Bio

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.