01:09 PM
Connect Directly

Symantec Bug Not Likely To Be Hit By Worm, Says Rival

Internet Security Systems said in an online alert that although the vulnerability is serious, the likelihood of the flaw being leveraged by a worm is "low."

The vulnerability in Symantec's anti-virus line disclosed earlier this week isn't a big risk, a rival security firm said Friday.

Internet Security Systems' X-force research group said in an online alert that although the vulnerability is serious, the "likelihood of this vulnerability being leveraged by a worm is low."

The bug in Symantec's AntiVirus Library, a component shared among more than 60 titles in the Cupertino, Calif.-based company's security line-up, was made public earlier this week. The Library can be compromised by sending a malicious RAR archive file as an e-mail attachment, which then creates a heap overflow on the victimized PC or Mac. That condition could allow the attacker to introduce his own code remotely, without any user interaction.

Internet Security System (ISS), however, noted that a successful exploitation of the flaw requires a very large RAR file, one in the 35-40MB range.

"Files this large are not generally passed by mail servers and [so we] can eliminate this as a vector for a worm," continued the ISS alert.

Symantec has pushed out an update that should spot any attempt to exploit the bug, but it has not yet produced patches to fix the underlying flaw.

Comment  | 
Print  | 
More Insights
IT's Reputation: What the Data Says
IT's Reputation: What the Data Says
InformationWeek's IT Perception Survey seeks to quantify how IT thinks it's doing versus how the business really views IT's performance in delivering services - and, more important, powering innovation. Our results suggest IT leaders should worry less about whether they're getting enough resources and more about the relationships they have with business unit peers.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Must Reads Oct. 21, 2014
InformationWeek's new Must Reads is a compendium of our best recent coverage of digital strategy. Learn why you should learn to embrace DevOps, how to avoid roadblocks for digital projects, what the five steps to API management are, and more.
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
A roundup of the top stories and trends on
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.