Symantec patches more products
Symantec has released updates for several of it's products to fix multiple security vulnerabilities. The Alert Management System 2 (AMS2) update patches four critical vulnerabilities that could be used to remotely compromise a system. AMS2 is part of the Symantec System Center, Symantec AntiVirus Server and Symantec AntiVirus Central Quarantine Server which listens for specific security related events on a computer network.
Several versions of Symantec AntiVirus Corporate Edition, Symantec Client Security and Symantec Endpoint Protection are affected by a URL handling error that could allow an attacker to launch a phishing attack. The error could have allowed an error to display a message of their choice on the Reporting Server log-in screen.
Two parsing errors in the Symantec Log Viewer feature have been addressed that could have allowed specially crafted emails to pass a malicious script to the Symantec event log through JavaScript injection. Once loaded, the scripts could be executed if the user chooses the ‘View Logs - Email Filtering' option under Statistics. Norton 360 1.0, Norton Internet Security 2005 to 2008, Symantec AntiVirus 10.1 MR7 and Symantec Endpoint Protection 11.0 are all affected by the vulnerability.
See also:
- Symantec Alert Management System 2 multiple vulnerabilities, advisory from Symantec.
- Symantec Reporting Server Improper URL Handling Exposure, advisory from Symantec.
- Symantec Log Viewer JavaScript Injection Vulnerabilities, advisory from Symantec.
(crve)
![Kernel Log: Coming in 3.10 (Part 3) [--] Infrastructure](/imgs/43/1/0/4/2/6/7/2/comingin310_4_kicker-4977194bfb0de0d7.png)
![Kernel Log: Coming in 3.10 (Part 3) [--] Infrastructure](/imgs/43/1/0/4/2/3/2/3/comingin310_3_kicker-151cd7b9e9660f05.png)
