Serious Symantec Anti-Virus Vulnerability

The New Acunetix V12 Engine


Apparently a gaping security flaw in the latest versions of Symantec’s anti-virus software suite has been discovered that could put millions of users at risk of a debilitating worm attack. According to eEye Digital Security, the company that discovered the flaw, the vulnerability could be exploited by remote hackers to take complete control of the target machine ‘without any user action’.

It sounds pretty serious.

“This is definitely wormable. Once exploited, you get a command shell that gives you complete access to the machine. You can remove, edit or destroy files at will,” said eEye Digital Security spokesperson Mike Puterbaugh.

Shame there are no real technical details, there is a brief advisory from eEye.

A remotely exploitable vulnerability exists within the Symantec Antivirus program. This flaw does not require any end user interaction for exploitation and can compromise affected systems, allowing for the execution of malicious code with SYSTEM level access.

It is a vector that hasn’t been fully exploited yet, AV and Firewall software tends to run at system level, so if you can exploit it you pretty much have full control over the machine.

Internet security experts have long warned that flaws in anti-virus products will become a big target for malicious hackers. During the last 18 months, some of the biggest names in the anti-virus business have shipped critical software updates to cover code execution holes, prompting speculation among industry watchers that it’s only a matter of time before a malicious hacker is motivated to create a devastating network worm using security software flaws as the attack vector.

Something new to look out for?

Source: eWeek

Posted in: Exploits/Vulnerabilities, Security Software

, , , , , , ,


Latest Posts:


Malcom - Malware Communication Analyzer Malcom – Malware Communication Analyzer
Malcom is a Malware Communication Analyzer designed to analyze a system's network communication using graphical representations of network traffic.
WepAttack - WLAN 802.11 WEP Key Hacking Tool WepAttack – WLAN 802.11 WEP Key Hacking Tool
WepAttack is a WLAN open source Linux WEP key hacking tool for breaking 802.11 WEP keys using a wordlist based dictionary attack.
Eraser - Windows Secure Erase Hard Drive Wiper Eraser – Windows Secure Erase Hard Drive Wiper
Eraser is a hard drive wiper for Windows which allows you to run a secure erase and completely remove sensitive data from your hard drive by overwriting it several times with carefully selected patterns.
Insecure software versions are a problem Web Security Stats Show XSS & Outdated Software Are Major Problems
Netsparker just published some anonymized Web Security Stats about the security vulnerabilities their online solution identified on their users’ web applications and web services during the last 3 years.
CTFR - Abuse Certificate Transparency Logs For HTTPS Subdomains CTFR – Abuse Certificate Transparency Logs For HTTPS Subdomains
CTFR is a Python-based tool to Abuse Certificate Transparency Logs to get subdomains from a HTTPS website in a few seconds.
testssl.sh - Test SSL Security Including Ciphers, Protocols & Detect Flaws testssl.sh – Test SSL Security Including Ciphers, Protocols & Detect Flaws
testssl.sh is a free command line tool to test SSL security, it checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws and more.


2 Responses to Serious Symantec Anti-Virus Vulnerability

  1. pissed off pc owner July 11, 2006 at 12:33 pm #

    Let me break the ice in case there are any other people who are currently dealing with this hell too. And that is absolutely no understatement; I am already pondering the possible leagal routes I can pursue when my lovely 2 1/2 year old Gateway desktop will finally once and for all be dead/ not mine/ property of the freeloading asshole who is probably keylogging what I’m writing right now!!!!!!

    This is the end result of security software that I paid for! I really hope someone finds more about the exact nature of this, because I am physically, emotionally, and ye, even spiritually drained from trying in vain to wrestle MY FUCKING DESKTOP away from some remote ghost.

  2. kev September 3, 2006 at 4:06 pm #

    change your keyboard they can contain built in loggers!(built in)
    also check that there is No devices or usb / ps/2 adapters between your keyboard and your tower… these can also contain keyloggers,
    they look like ordinary usb/ps2 adapters no joke!!
    further to this you need to look inside your tower and ensure you don’t have any usb extenders ….if you have replace em
    as sometimes they have one extra internal usb port …it is also possible to plus usb logger in there too,
    all of the above are very effective as they don’t slowdown your pc
    …hence no give away symtoms…that your being logged!

    when youve done they above do a full system scan withe a good
    reputable antivirus software….”this will weed out any software type loggers”…..if your machine is perhaps slow!! this may be a dead give away that you perhaps have have this variety
    a lot of loggers these days can be remote accessed!

    hope the above helps!
    regards kev

    i hope the above helps you!