Major flaw affects multiple Symantec products

Symantec fixes a high-risk vulnerability affecting a variety of products.

Many an IT staffer already plans to work overtime this weekend installing the avalanche of security patches Microsoft unloaded Tuesday. Now, those using Symantec may be working a little longer.

The Cupertino, Calif.-based antivirus giant is asking users who haven't already done so to upgrade to the latest version of its products to plug a security hole affecting a number of its programs.

Read more on security flaws

Microsoft issues critical fixes

Understanding the 'hole' truth

Sasser shows there must be a better way

The high-risk vulnerability, reported by Internet Security Systems's (ISS) X-Force, was identified in an early version of a Symantec antivirus scanning module responsible for parsing .upx compressed files.

"The vulnerable component fails to do proper bounds checks when analyzing certain container files for virus content," Symantec said in its advisory. "An attacker sending a specifically crafted .upx file could potentially compromise the targeted system."

The vulnerability affects the following Symantec products:

  • Gateway Security 1.0/2.0
  • Norton Internet Security 2004
  • Norton Internet Security 2004 Professional
  • Norton SystemWorks 2004
  • AntiVirus Corporate Edition 8.0/9.0
  • AntiVirus for Caching 4.0
  • AntiVirus for Network Attached Storage 4.0
  • AntiVirus for SMTP Gateways 3.0
  • AntiVirus Scan Engine 4.0
  • Symantec AntiVirus/Filtering for Domino
  • Brightmail AntiSpam 4.0/5.0
  • Client Security 1.0/2.0
  • Mail Security for Exchange 4.0
  • Mail Security for SMTP 4.0
  • Norton AntiVirus 2004
  • Norton AntiVirus for Microsoft Exchange 2.0
  • Web Security 3.0

Symantec recommended users keep vendor-supplied patches for all application software and operating systems updated. "Symantec strongly recommends customers, if they are not already running a current non-vulnerable product version/build, upgrade to their appropriate product update immediately to protect against these types of threats," the company said.

Dig deeper on Security patch management and Windows Patch Tuesday news

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close