Monday, 29 May 2006
eEye Discovers Flaw in Symantec Business AV Software |
| |
|
| |
eEye Digital Security, a developer of endpoint security and vulnerability management software solutions, has discovered a remotely exploitable vulnerability that exists within the Symantec Antivirus program. This flaw does not require any end user interaction for exploitation and can compromise affected systems, allowing for the execution of malicious code with system level access.
They rated the threat as high because a hacker could exploit the flaw to get on a machine and edit, remove and delete programs and files without a user doing anything, such as clicking on a link.
Symantec was investigating and that the issue does not affect its popular Norton consumer brand of products, according to a report on Reuters. It confirmed eEye's finding that its Client Security 3.1 and AntiVirus Corporate Edition 10.1 offerings contained the flaw that Symantec said could allow a remote user to attack a machine.
"Fixes have been identified for all affected products and work on these fixes is ongoing," the company said in a statement. "To date, Symantec has not had any reports of any related exploits of this vulnerability." |
| |
|
|
| |
|
|
| |
|
|
| |
|
