Symantec releases patches for a vulnerability found in a large number of its products, including flagship titles such as BrightMail AntiSpam, AntiVirus Corporate Edition, and its 2004 consumer slate.
Symantec on Tuesday released patches for a vulnerability found in a large number of its products, including flagship titles such as BrightMail AntiSpam, AntiVirus Corporate Edition, and its 2004 consumer slate.
According to rival Internet Security Systems' X-Force research group, which discovered the flaw, the bug is in the DEC2EXE module of the Symantec Antivirus Library, a part of the scanning engine that's able to peek into compressed executable files squeezed with the UPX (Ultimate Packer for eXecutables) format.
"This vulnerability can be triggered by an unauthenticated remote attacker,
without user interaction, by sending an e-mail containing a crafted
UPX file to the target Symantec AntiVirus Library on client, server,
and gateway implementations," said X-Force in its advisory. A successful attack could give the attacker complete control of the supposedly-protected system.
Symantec ranked the danger as "High," while Danish security firm Secunia, which also posted a warning, rated it as "Highly Critical."
Symantec posted a security alert on its Web site that listed the 29 vulnerable Windows (and Macintosh) products, along with recommendations to update and/or upgrade the flawed software.
The Cupertino, Calif.-based security giant spun the news by claiming that even before ISS notified it of the vulnerability, it had already removed the DEC2EXE module from the scan engine upgrades in most of its products. It now plans to strip the offending module from all affected versions during upcoming maintenance releases.
Even though a rival dug up the bug, there didn't seem to be any ill feelings on Symantec's part. "Symantec appreciates the actions of the X-Force research team and X-Force's Alex Wheeler in particular for identifying this issue to Symantec and their cooperation and coordination while Symantec worked to resolve all issues," the company said in a statement.
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Infographic: The State of DevOps in 2017Is DevOps helping organizations reduce costs and time-to-market for software releases? What's getting in the way of DevOps adoption? Find out in this InformationWeek and Interop ITX infographic on the state of DevOps in 2017.
Digital Transformation Myths & TruthsTransformation is on every IT organization's to-do list, but effectively transforming IT means a major shift in technology as well as business models and culture. In this IT Trend Report, we examine some of the misconceptions of digital transformation and look at steps you can take to succeed technically and culturally.