Symantec Bug Not Likely To Be Hit By Worm, Says Rival
Internet Security Systems said in an online alert that although the vulnerability is serious, the likelihood of the flaw being leveraged by a worm is "low."
The vulnerability in Symantec's anti-virus line disclosed earlier this week isn't a big risk, a rival security firm said Friday.
Internet Security Systems' X-force research group said in an online alert that although the vulnerability is serious, the "likelihood of this vulnerability being leveraged by a worm is low."
The bug in Symantec's AntiVirus Library, a component shared among more than 60 titles in the Cupertino, Calif.-based company's security line-up, was made public earlier this week. The Library can be compromised by sending a malicious RAR archive file as an e-mail attachment, which then creates a heap overflow on the victimized PC or Mac. That condition could allow the attacker to introduce his own code remotely, without any user interaction.
Internet Security System (ISS), however, noted that a successful exploitation of the flaw requires a very large RAR file, one in the 35-40MB range.
"Files this large are not generally passed by mail servers and [so we] can eliminate this as a vector for a worm," continued the ISS alert.
Symantec has pushed out an update that should spot any attempt to exploit the bug, but it has not yet produced patches to fix the underlying flaw.
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Infographic: The State of DevOps in 2017Is DevOps helping organizations reduce costs and time-to-market for software releases? What's getting in the way of DevOps adoption? Find out in this InformationWeek and Interop ITX infographic on the state of DevOps in 2017.
Digital Transformation Myths & TruthsTransformation is on every IT organization's to-do list, but effectively transforming IT means a major shift in technology as well as business models and culture. In this IT Trend Report, we examine some of the misconceptions of digital transformation and look at steps you can take to succeed technically and culturally.