Network security firm Symantec A remote access vulnerability, reported by Internet Security System's X-Force, was identified in an early version of the company's anti-virus scanning module responsible for parsing UPX compressed files used in some Symantec security products. "This vulnerability can be triggered by an unauthenticated remote
attacker, without user interaction, by sending an e-mail containing a
crafted UPX file to the target Symantec AntiVirus Library on client, server, and gateway implementations," X-Force said in its advisory. If exploited, the vulnerable engine could potentially result in remote arbitrary code execution and possibly compromise the targeted system, confirmed Symantec. In response to the threat, the Calif.-based company issued a fix for the vulnerability discovered in the parsing engine module used in earlier versions of the Symantec scan engine and found in many of the company's
consumer and enterprise security products.
said. Symantec said the vulnerability ISS identified in the original DEC2EXE
engine is no longer used in company products. Newer and updated versions of
Symantec software were not affected. However, the flaw does affect nearly 30 of the company's titles including
Symantec Mail Security, AntiVirus/Filtering, Symantec Web Security, Symantec
BrightMail AntiSpam and Symantec AntiVirus Corporate Edition, according to
the company. Symantec strongly recommends that customers ensure their products are
up-to-date to protect against the vulnerability. The company has not had any
reports of related exploits of this vulnerability. In related Symantec news, the company issued two security warnings citing
increased incidences of a MyDoom variant moving in the wild and a Trojan
horse attempting to steal passwords from financial Web sites. The MyDoom variant, W32.Mydoom.AS@mm, is a mass-mailing worm that uses
its own SMTP engine to send itself to the email addresses that it finds on
the compromised computer, according to Symantec. PWSteal.Bankash.A is the password-stealing Trojan horse that attempts to
disable Microsoft's Anti-Spyware tool. has released patches for a critical flaw that affects several of its anti-spam and anti-virus products.
Submit a Comment
Loading Comments...