Serious Symantec Anti-Virus Vulnerability


Apparently a gaping security flaw in the latest versions of Symantec’s anti-virus software suite has been discovered that could put millions of users at risk of a debilitating worm attack. According to eEye Digital Security, the company that discovered the flaw, the vulnerability could be exploited by remote hackers to take complete control of the target machine ‘without any user action’.

It sounds pretty serious.

“This is definitely wormable. Once exploited, you get a command shell that gives you complete access to the machine. You can remove, edit or destroy files at will,” said eEye Digital Security spokesperson Mike Puterbaugh.

Shame there are no real technical details, there is a brief advisory from eEye.

A remotely exploitable vulnerability exists within the Symantec Antivirus program. This flaw does not require any end user interaction for exploitation and can compromise affected systems, allowing for the execution of malicious code with SYSTEM level access.

It is a vector that hasn’t been fully exploited yet, AV and Firewall software tends to run at system level, so if you can exploit it you pretty much have full control over the machine.

Internet security experts have long warned that flaws in anti-virus products will become a big target for malicious hackers. During the last 18 months, some of the biggest names in the anti-virus business have shipped critical software updates to cover code execution holes, prompting speculation among industry watchers that it’s only a matter of time before a malicious hacker is motivated to create a devastating network worm using security software flaws as the attack vector.

Something new to look out for?

Source: eWeek

Posted in: Exploits/Vulnerabilities, Security Software

, , , , , , ,


Latest Posts:


ZigDiggity - ZigBee Hacking Toolkit ZigDiggity – ZigBee Hacking Toolkit
ZigDiggity a ZigBee Hacking Toolkit is a Python-based IoT (Internet of Things) penetration testing framework targeting the ZigBee smart home protocol.
RandIP - Network Mapper To Find Servers RandIP – Network Mapper To Find Servers
RandIP is a nim-based network mapper application that generates random IP addresses and uses sockets to test whether the connection is valid or not with additional tests for Telnet and SSH.
Nipe - Make Tor Default Gateway For Network Nipe – Make Tor Default Gateway For Network
Nipe is a Perl script to make Tor default gateway for network, this script enables you to directly route all your traffic from your computer to the Tor network.
Mosca - Manual Static Analysis Tool To Find Bugs Mosca – Manual Static Analysis Tool To Find Bugs
Mosca is a manual static analysis tool written in C designed to find bugs in the code before it is compiled, much like a grep unix command.
Slurp - Amazon AWS S3 Bucket Enumerator Slurp – Amazon AWS S3 Bucket Enumerator
Slurp is a blackbox/whitebox S3 bucket enumerator written in Go that can use a permutations list to scan externally or an AWS API to scan internally.
US Government Cyber Security Still Inadequate US Government Cyber Security Still Inadequate
Surprise, surprise, surprise - an internal audit of the US Government cyber security situation has uncovered widespread weaknesses, legacy systems and poor adoption of cyber controls and tooling.


2 Responses to Serious Symantec Anti-Virus Vulnerability

  1. pissed off pc owner July 11, 2006 at 12:33 pm #

    Let me break the ice in case there are any other people who are currently dealing with this hell too. And that is absolutely no understatement; I am already pondering the possible leagal routes I can pursue when my lovely 2 1/2 year old Gateway desktop will finally once and for all be dead/ not mine/ property of the freeloading asshole who is probably keylogging what I’m writing right now!!!!!!

    This is the end result of security software that I paid for! I really hope someone finds more about the exact nature of this, because I am physically, emotionally, and ye, even spiritually drained from trying in vain to wrestle MY FUCKING DESKTOP away from some remote ghost.

  2. kev September 3, 2006 at 4:06 pm #

    change your keyboard they can contain built in loggers!(built in)
    also check that there is No devices or usb / ps/2 adapters between your keyboard and your tower… these can also contain keyloggers,
    they look like ordinary usb/ps2 adapters no joke!!
    further to this you need to look inside your tower and ensure you don’t have any usb extenders ….if you have replace em
    as sometimes they have one extra internal usb port …it is also possible to plus usb logger in there too,
    all of the above are very effective as they don’t slowdown your pc
    …hence no give away symtoms…that your being logged!

    when youve done they above do a full system scan withe a good
    reputable antivirus software….”this will weed out any software type loggers”…..if your machine is perhaps slow!! this may be a dead give away that you perhaps have have this variety
    a lot of loggers these days can be remote accessed!

    hope the above helps!
    regards kev

    i hope the above helps you!