Symantec Fixes Security Holes

Share it on Twitter  
Share it on Facebook  
Share it on Linked in  

Security software firm Symantec was forced to issue patches for vulnerabilities found in some of its popular anti-virus products that could allow malicious hackers to use Denial of Service (DoS) attacks to crash systems running the software and disrupting automatic protection features.

The company posted a notice on its Web page this week that described the two DoS vulnerabilities in the 2004 and 2005 editions of its Norton Antivirus, Norton Internet Security and Norton System Works products.

Symantec has since patched the holes and released software updates to users of the LiveUpdate, an automatic update service. Systems that are not patched could be susceptible to remote attack through e-mail or the Web, the company warned on its Web site.

The holes found in the AutoProtect feature, which were discovered by Japans IT Promotion Agency and Computer Emergency Response Team, can lead to the crash of a user's computer.

Auto-Protect scans files sent from the Internet, removable disks or e-mail attachments and searches for viruses, Trojans and other malicious code. The SmartScan feature allows Norton Antivirus to scan specific types of files often associated with malicious code, such as EXE and DOC files, according to the company.

Symantec rated the two holes as "low risks" and said the company is not aware of any security breaches as a result of the vulnerability. Customers were advised to run LiveUpdate for any affected products until all available product updates are downloaded and installed.

This is the second time in a little more than a month that Symantec has had to issue patches against a vulnerability found in anti-virus programs.

As previously reported by internetnews.com, the company released patches for a critical flaw that affects several of its anti-spam and anti-virus products. A remote access vulnerability was identified in an early version of the company's anti-virus scanning module responsible for parsing UPX compressed files used in some Symantec security products.