Symantec Corp. released security updates Wednesday for AntiVirus Corporate Edition and Backup Exec, fixing flaws...
attackers could exploit to gain extra user privileges, cause a denial of service or possibly launch malicious code.
The Cupertino, Calif.-based antivirus giant said in its SYM07-017 advisory that the first flaw is in the Real-Time scanner (RTVScan) component of Symantec Antivirus Corporate Edition, which provides notification and logging services for the product.
"One function of RTVScan is to display a notification window with information about a threat found on the system if the program is configured to use that option," Symantec said. "[Researcher] Ali Rhabar notified Symantec that an unprivileged user could potentially attack this window with specially crafted code and gain system-level privileges on their local system. The user could then run code of their choice on their local system."
The good news, Symantec said, is that the attack potential is limited to local users and that the elevation of privilege is limited to the user's own system.
The advisory outlines fixes Symantec has made available for supported versions of the application. The vendor also suggested disabling the "notification message" window as a workaround.
Meanwhile, Backup Exec for Windows servers is vulnerable to a denial-of-service condition when specifically formatted calls are made to a registered RPC interface, according to Symantec's SYM07-015 advisory.
"The DoS occurs due to improper validation and subsequent handling of user input," Symantec said in its advisory. "Successful exploitation requires access to the service port which in a normal installation would require the attacker to have authorized but non-privileged access to the network on which the targeted server resides to leverage network communications."
Symantec said a successful attack would normally result in termination of the targeted service, but that "there is a slight potential that a sufficiently designed and implemented attack could possibly result in arbitrary code execution on and elevated access to the targeted system."
The vendor said its engineers have addressed the issue in all currently supported versions of the product.