Serious Symantec Anti-Virus Vulnerability

Outsmart Malicious Hackers


Apparently a gaping security flaw in the latest versions of Symantec’s anti-virus software suite has been discovered that could put millions of users at risk of a debilitating worm attack. According to eEye Digital Security, the company that discovered the flaw, the vulnerability could be exploited by remote hackers to take complete control of the target machine ‘without any user action’.

It sounds pretty serious.

“This is definitely wormable. Once exploited, you get a command shell that gives you complete access to the machine. You can remove, edit or destroy files at will,” said eEye Digital Security spokesperson Mike Puterbaugh.

Shame there are no real technical details, there is a brief advisory from eEye.

A remotely exploitable vulnerability exists within the Symantec Antivirus program. This flaw does not require any end user interaction for exploitation and can compromise affected systems, allowing for the execution of malicious code with SYSTEM level access.

It is a vector that hasn’t been fully exploited yet, AV and Firewall software tends to run at system level, so if you can exploit it you pretty much have full control over the machine.

Internet security experts have long warned that flaws in anti-virus products will become a big target for malicious hackers. During the last 18 months, some of the biggest names in the anti-virus business have shipped critical software updates to cover code execution holes, prompting speculation among industry watchers that it’s only a matter of time before a malicious hacker is motivated to create a devastating network worm using security software flaws as the attack vector.

Something new to look out for?

Source: eWeek

Posted in: Exploits/Vulnerabilities, Security Software

, , , , , , ,


Latest Posts:


DAST vs SAST - Dynamic Application Security Testing vs Static DAST vs SAST – Dynamic Application Security Testing vs Static
In security testing, much like most things technical there are two very contrary methods, Dynamic Application Security Testing or DAST and Static or SAST.
Cr3dOv3r - Credential Reuse Attack Tool Cr3dOv3r – Credential Reuse Attack Tool
Cr3dOv3r is a fairly simple Python-based set of functions that carry out the prelimary work as a credential reuse attack tool.
Mr.SIP - SIP Attack And Audit Tool Mr.SIP – SIP Attack And Audit Tool
Mr.SIP was developed in Python as a SIP Attack and audit tool which can emulate SIP-based attacks. Originally it was developed to be used in academic work.
Uber Paid Hacker To Hide 57 Million User Data Breach Uber Paid Hackers To Hide 57 Million User Data Breach
Uber is not known for it's high level of ethics, but it turns out Uber paid hackers to not go public with the fact they'd breached 57 Million accounts.
RDPY - RDP Security Tool For Hacking Remote Desktop Protocol RDPY – RDP Security Tool For Hacking Remote Desktop Protocol
RDPY is an RDP Security Tool in Twisted Python with RDP Man in the Middle proxy support which can record sessions and Honeypot functionality.
Terabytes Of US Military Social Media Spying S3 Data Exposed Terabytes Of US Military Social Media Spying S3 Data Exposed
Once again the old, default Amazon AWS S3 settings are catching people out, the US Military has left terabytes of social media spying S3 data exposed.


2 Responses to Serious Symantec Anti-Virus Vulnerability

  1. pissed off pc owner July 11, 2006 at 12:33 pm #

    Let me break the ice in case there are any other people who are currently dealing with this hell too. And that is absolutely no understatement; I am already pondering the possible leagal routes I can pursue when my lovely 2 1/2 year old Gateway desktop will finally once and for all be dead/ not mine/ property of the freeloading asshole who is probably keylogging what I’m writing right now!!!!!!

    This is the end result of security software that I paid for! I really hope someone finds more about the exact nature of this, because I am physically, emotionally, and ye, even spiritually drained from trying in vain to wrestle MY FUCKING DESKTOP away from some remote ghost.

  2. kev September 3, 2006 at 4:06 pm #

    change your keyboard they can contain built in loggers!(built in)
    also check that there is No devices or usb / ps/2 adapters between your keyboard and your tower… these can also contain keyloggers,
    they look like ordinary usb/ps2 adapters no joke!!
    further to this you need to look inside your tower and ensure you don’t have any usb extenders ….if you have replace em
    as sometimes they have one extra internal usb port …it is also possible to plus usb logger in there too,
    all of the above are very effective as they don’t slowdown your pc
    …hence no give away symtoms…that your being logged!

    when youve done they above do a full system scan withe a good
    reputable antivirus software….”this will weed out any software type loggers”…..if your machine is perhaps slow!! this may be a dead give away that you perhaps have have this variety
    a lot of loggers these days can be remote accessed!

    hope the above helps!
    regards kev

    i hope the above helps you!