19 September 2006, 15:21

Format string vulnerability in Symantec's AntiVirus Corporate Edition

Symantec has publicised security holes in its AntiVirus Corporate Edition 10.0, 9.x and 8.1 products, as well as Symantec Client Security 3.0, 2.x and 1.x. Locally registered users with restricted privileges could exploit a format string vulnerability in the virus alert notification to launch programs with system rights. In principle, malicious code already planted in this way could also achieve system rights and bypass the virus protection.

An additional format string vulnerability involving the processing of alert notifications can cause the scanner's real-time protection functionality to crash. Symantec has released an update that is already been distributed via LiveUpdate.

Format string vulnerability in Symantec's AntiVirus Corporate Edition

Internet Toolkit

SSL for free - step by step

Testing email with encryption

Shortened-breaks

The H Security Conficker information site

Tracking down malware

Health Check: Mandriva

Kernel Log: Linux 2.6.34 goes into testing

The H Update Check

Happenings: FOSS at CeBIT 2010

Of Android and the Fear of Fragmentation

Kernel Log: Stable kernels analysed, Linux without firmware, new graphics drivers

What's new in Linux 2.6.33

Health Check: FreeBSD - "The unknown giant"

New life for dead software

Price Insight Top 10

The H

The H open source

The H Security

The H Internet Toolkit