Vulnerabilities have surfaced in antivirus products from Symantec Corp. and McAfee Inc. Symantec reported flaws in its AntiVirus Library in a message to customers of its DeepSight Threat Management System Tuesday. The library "has been found prone to multiple heap overflow vulnerabilities when scanning malformed .rar [archive files]," the Cupertino, Calif.-based company said. AntiVirus Library is a component of various Symantec products that detects malware by parsing a number of files in different formats. "The issues can be leveraged remotely to gain complete control over the affected system. Exploitation can occur without user interaction over protocols such as SMTP (Simple Mail Transfer Protocol)." Symantec said the flaw is of high urgency and affects AntiVirus Corporate Edition; Brightmail Anti-Spam; Client Security; Gateway Security; Norton AntiVirus; Norton Antivirus for Macintosh; Norton AntiVirus for Microsoft Exchange; and Norton Internet Security. There are no patches yet, but Symantec said users can blunt the threat by disabling the scanning of .rar-compressed files and not opening e-mail attachments from untrusted sources.
Flaws affecting Santa Clara, Calif.-based McAfee were reported in an advisory from iDefense, a division of Mountain View, Calif.-based VeriSign Inc. "Remote exploitation of an access control vulnerability in McAfee Security Center allows attackers to create or overwrite arbitrary files," iDefense said. "The vulnerability specifically exists due to a registered ActiveX control failing to restrict which domains may load the control for execution. McAfee fails to restrict the ActiveX control from being loaded in arbitrary domains. As such, attackers can create a specially crafted Web page… to create arbitrary files. This attack can lead to arbitrary code execution by a remote attacker." McAfee said the vulnerability has been fixed via its automatic update service.
IM worm exploits users' Christmas spirit
IM threat specialist IMlogic Inc. of Waltham, Mass., said a new worm is trying to spread by preying on the Christmas spirit of users. IM.GiftCom.All is being broadcast on the AOL, MSN and Yahoo instant messaging networks, attempting "to dupe users into visiting a Web site that appears to be a harmless Santa Claus site but in actuality distributes a rootkit payload," IMlogic said. "The rootkit payload is often named gift.com and when executed hides itself on the user's system, attempts to shut down desktop antivirus software and starts collecting the infected user's information for broadcast over the Internet." Infected users may also further propagate the worm by broadcasting the Web site URL to people on their buddy list, IMlogic said.
Cisco offers workarounds for IOS flaws
San Jose, Calif.-based networking giant Cisco Systems Inc. has offered workarounds for two flaws in the Internetwork Operating System (IOS), which attackers could exploit to access sensitive information or cause a denial-of-service. "The first issue is due to an error in the EIGRP (Enhanced Interior Gateway Routing Protocol) implementation that does not properly handle [a] spoofed neighbor announcement with either mismatched 'k' values or [a] 'Goodbye Message' TLV, which could result in routing neighbor relationships being torn down and reformed, causing a denial of service condition," the French Security Incident Response Team (FrSIRT) said in an advisory. "The second flaw is due to an error when processing illegitimate 'hello' packets in an EIGRP authenticated autonomous system (AS), which could be exploited by malicious users to cause a denial-of-service or obtain sensitive information about the EIGRP domain."
Oracle using Fortify's technology to boost security
Redwood Shores, Calif.-based Oracle Corp. said Tuesday that it's integrating the source code and analysis tools of Palo Alto, Calif.-based Fortify Software Inc. into its secure development lifecycle. Oracle will use the technology to dig through the source code of its products for potential security flaws. "Implementing rigorous source code scanning procedures throughout a product's lifecycle helps to reduce security flaws, speed discovery of potential vulnerabilities and ultimately enables more secure software," the company said in a statement, adding that Oracle developers will use the integrated tools to scan "many tens of millions of lines of Oracle code." The move follows criticism Oracle has received in recent months over its flaw-fixing process, with vulnerability researchers and database administrators complaining of incomplete patches and an overall slow response when new flaws are brought to the company's attention.