In association with heise online

19 September 2006, 14:21

Format string vulnerability in Symantec's AntiVirus Corporate Edition

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Symantec has publicised security holes in its AntiVirus Corporate Edition 10.0, 9.x and 8.1 products, as well as Symantec Client Security 3.0, 2.x and 1.x. Locally registered users with restricted privileges could exploit a format string vulnerability in the virus alert notification to launch programs with system rights. In principle, malicious code already planted in this way could also achieve system rights and bypass the virus protection.

An additional format string vulnerability involving the processing of alert notifications can cause the scanner's real-time protection functionality to crash. Symantec has released an update that is already been distributed via LiveUpdate.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit