BetaONE will rise again!


Reply
  #1  
Old 10th Feb 05, 06:00 PM
NewsBot's Avatar
NewsBot NewsBot is offline
Senior Member
 
Join Date: Oct 2004
Posts: 30,858
NewsBot will become famous soon enough
Symantec Products Hit By Major Security Bug
A serious flaw in a comment element to Symantec's products has emerged this week; the company reported that the flaw was "high" risk. Symantec, maker of protection software, said the flaw was in the antivirus library used in some of its products. Secunia elaborated on this further, saying that "the vulnerability is caused due to a boundary error in the DEC2EXE parsing engine used by the antivirus scanning functionality when processing UPX compressed files. This can be exploited to cause a heap-based buffer overflow via a specially crafted UPX file".

In an advisory issued earlier this week, Symantec said that "The impact of this vulnerability is exaggerated by the fact that many e-mail and other traffic routing gateways make use of file-scanning utilities that make use of the vulnerable library. This could allow an attacker to potentially exploit high-profile systems used to filter malicious data, and potentially allow further compromise of targeted internal networks".

The flaw affects as many as 30 Symantec products, almost all of the company's software. The company said that users of the most recent versions of its software, like Norton Antivirus 2005, were un-affected. The company added that "The DEC2EXE engine is no longer required to parse compressed files" and that "Symantec had planned the DEC2EXE engine removal from all affected Symantec product versions during upcoming maintenance update." However, it advised all users to ensure they were fully patched (see link below). The company is also distributing patches to users via its automated Live Update feature.

View: Patch Up @ Symantec.com | Affected Products | Secunia Advisory

News source: Neowin
Full story: View Here
Reply With Quote
  #2  
Old 10th Feb 05, 08:53 PM
war59312 war59312 is offline
BetaONE Supporter
 
Join Date: Jul 2001
Location: U.S.A
Posts: 2,220
war59312 has disabled reputation
Send a message via ICQ to war59312 Send a message via AIM to war59312 Send a message via MSN to war59312 Send a message via Yahoo to war59312
hhaah Pretty much, figures!!

WTF:

Server Error, unable to connect to fastcgi server.

lol Got that when posting but it still posted. um odd
__________________
Ad Muncher Usage Statistics for v4.7 Build 27105/1624
Adverts removed by Ad Muncher: 1,601,933
Approximate bandwidth saved: 12,515 MB
Counter started: April 2, 2003

Download: http://war59312.admuncher.com/download.shtml
Reply With Quote
Reply


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is On
Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Internet Explorer Hit by Major XSS Bug NewsBot NeoWin News 0 17th Dec 04 04:00 PM


All times are GMT +1. The time now is 06:20 PM.


Design by Vjacheslav Trushkin for phpBBStyles.com.
Powered by vBulletin® Version 3.6.5
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.