News Stay informed about the latest enterprise technology news and product updates.

Symantec patches AntiVirus Corporate Edition flaw

Attackers could exploit a flaw in Symantec AntiVirus Corporate Edition and Client Security to overwrite kernel addresses, crash machines and run malicious code.

Attackers could exploit a flaw in Symantec AntiVirus Corporate Edition and Client Security to overwrite kernel...

addresses, crash machines and run malicious code with elevated user privileges, the vendor warned in an advisory Monday. A fix is available.

Vulnerability researcher Boon Seng Lim notified Symantec of the flaw, which resides in the SAVRT.SYS component of the program. An attacker could use the output buffer of the DeviceIOControl() function to overwrite kernel addresses because the address space of the output buffer was not properly validated, Symantec said, adding, "A successful exploit could potentially allow a local attacker to execute code of their choice with elevated privileges, or to crash the system."

Symantec said the flaw could be exploited under the following scenarios:

  • An attacker acquires local interactive access to a computer running the affected application.
  • The attacker creates an exploit that interacts with SAVRT.SYS in a manner that triggers this issue. The attacker executes the exploit application.
  • The application improperly validates the data. As a result, memory is overwritten with attacker-supplied data.

The flaw affects Symantec AntiVirus Corporate Edition 8.1, 9.0.3 and earlier versions; and Symantec Client Security 1.1, 2.0.3 and earlier.

The Cupertino, Calif.-based antivirus giant said its engineers verified the problem and released updates to address the affected products.

"Symantec is not aware of any customers impacted by this issue, or of any attempts to exploit the issue," the company added.

As a part of normal best practices, Symantec recommends that users keep all application software and operating systems up-to-date with the latest vendor supplied patches.

Dig Deeper on Microsoft Patch Tuesday and patch management

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.