Symantec Patches Critical Flaws

Download our in-depth report: The Ultimate Guide to IT Security Vendors

SHARE

Network security firm Symantec has released patches for a critical flaw that affects several of its anti-spam and anti-virus products.

A remote access vulnerability, reported by Internet Security System's X-Force, was identified in an early version of the company's anti-virus scanning module responsible for parsing UPX compressed files used in some Symantec security products.

"This vulnerability can be triggered by an unauthenticated remote attacker, without user interaction, by sending an e-mail containing a crafted UPX file to the target Symantec AntiVirus Library on client, server, and gateway implementations," X-Force said in its advisory.

If exploited, the vulnerable engine could potentially result in remote arbitrary code execution and possibly compromise the targeted system, confirmed Symantec.

In response to the threat, the Calif.-based company issued a fix for the vulnerability discovered in the parsing engine module used in earlier versions of the Symantec scan engine and found in many of the company's consumer and enterprise security products. said.

Symantec said the vulnerability ISS identified in the original DEC2EXE engine is no longer used in company products. Newer and updated versions of Symantec software were not affected.

However, the flaw does affect nearly 30 of the company's titles including Symantec Mail Security, AntiVirus/Filtering, Symantec Web Security, Symantec BrightMail AntiSpam and Symantec AntiVirus Corporate Edition, according to the company.

Symantec strongly recommends that customers ensure their products are up-to-date to protect against the vulnerability. The company has not had any reports of related exploits of this vulnerability.

In related Symantec news, the company issued two security warnings citing increased incidences of a MyDoom variant moving in the wild and a Trojan horse attempting to steal passwords from financial Web sites.

The MyDoom variant, W32.Mydoom.AS@mm, is a mass-mailing worm that uses its own SMTP engine to send itself to the email addresses that it finds on the compromised computer, according to Symantec.

PWSteal.Bankash.A is the password-stealing Trojan horse that attempts to disable Microsoft's Anti-Spyware tool.