Symantec security products hit by high-risk flaw

Summary: The bug affects most of Symantec's products, including enterprise and home user software, across both the Windows and Macintosh platforms

TOPICS: Security

Symantec's antivirus software contains a vulnerability that could be exploited by a malicious hacker to take control of a system, the company admitted late on Tuesday.

According to Symantec, the bug, which affects a range of the company's security products, is a "high" risk, while the Danish security specialists Secunia have labelled it as "highly critical".

According to an advisory issued by Secunia, the bug affects most of Symantec's products, including enterprise and home user versions of Symantec AntiVirus, Symantec Norton AntiVirus and Symantec Norton Internet Security, across both the Windows and Macintosh platforms.

The vulnerability is within Symantec AntiVirus Library, which provides file format support for virus analysis. "During decompression of RAR files, Symantec is vulnerable to multiple heap overflows allowing attackers complete control of the system(s) being protected," said security consultant Alex Wheeler, who first discovered the flaw. "These vulnerabilities can be exploited remotely, without user interaction, in default configurations through common protocols such as SMTP."

RAR is a native format for WinRAR, which is used to compress and decompress data. So far the vulnerability has been reported in Dec2Rar.dll version and, according to Wheeler, potentially affects all Symantec products that use the DLL. The full list of products affected can be seen here.

Symantec has not yet released a patch to address this problem. In the meantime, Wheeler recommends that users "disable scanning of RAR compressed files until the vulnerable code is fixed".

This is not the first vulnerability that Wheeler has discovered. In October, he highlighted a similar flaw in Kaspersky Labs' antivirus software, which was later acknowledged by the company. Again, it was a heap overflow vulnerability.

In February he signalled a different heap overflow vulnerability in Symantec's antivirus software.


Colin Barker is based in London and is Senior Reporter for ZDNet. He has been writing about the IT business for some 30-plus years. He still enjoys it.


  • McAfee Vulnerabilities found in 2005: 23

    Norton Vulnerabilities found in 2005: 24

    Symantec Vulnerabilities found in 2005: 25

    NOTE: McAfee/Norton/Symantec are all the same company, so collectively one
    Antivirus Company had 72 reported vulnerabilities in 2005 while AVG7-Free
    had zero. This is why I like AVG, and prefer removal of those other 3 listed above when I consult.

    AVG7 Free (Grisoft) Vulnerabilities found in 2005: 0
  • I work for a high school that uses all Macs. So far no one has been affected, but we really should get rid of these Macs pretty quickly, huh?