In association with heise online

30 April 2009, 15:50

Symantec patches more products

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Symantec has released updates for several of it's products to fix multiple security vulnerabilities. The Alert Management System 2 (AMS2) update patches four critical vulnerabilities that could be used to remotely compromise a system. AMS2 is part of the Symantec System Center, Symantec AntiVirus Server and Symantec AntiVirus Central Quarantine Server which listens for specific security related events on a computer network.

Several versions of Symantec AntiVirus Corporate Edition, Symantec Client Security and Symantec Endpoint Protection are affected by a URL handling error that could allow an attacker to launch a phishing attack. The error could have allowed an error to display a message of their choice on the Reporting Server log-in screen.

Two parsing errors in the Symantec Log Viewer feature have been addressed that could have allowed specially crafted emails to pass a malicious script to the Symantec event log through JavaScript injection. Once loaded, the scripts could be executed if the user chooses the ‘View Logs - Email Filtering' option under Statistics. Norton 360 1.0, Norton Internet Security 2005 to 2008, Symantec AntiVirus 10.1 MR7 and Symantec Endpoint Protection 11.0 are all affected by the vulnerability.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit