Serious Symantec Anti-Virus Vulnerability


Apparently a gaping security flaw in the latest versions of Symantec’s anti-virus software suite has been discovered that could put millions of users at risk of a debilitating worm attack. According to eEye Digital Security, the company that discovered the flaw, the vulnerability could be exploited by remote hackers to take complete control of the target machine ‘without any user action’.

It sounds pretty serious.

“This is definitely wormable. Once exploited, you get a command shell that gives you complete access to the machine. You can remove, edit or destroy files at will,” said eEye Digital Security spokesperson Mike Puterbaugh.

Shame there are no real technical details, there is a brief advisory from eEye.

A remotely exploitable vulnerability exists within the Symantec Antivirus program. This flaw does not require any end user interaction for exploitation and can compromise affected systems, allowing for the execution of malicious code with SYSTEM level access.

It is a vector that hasn’t been fully exploited yet, AV and Firewall software tends to run at system level, so if you can exploit it you pretty much have full control over the machine.

Internet security experts have long warned that flaws in anti-virus products will become a big target for malicious hackers. During the last 18 months, some of the biggest names in the anti-virus business have shipped critical software updates to cover code execution holes, prompting speculation among industry watchers that it’s only a matter of time before a malicious hacker is motivated to create a devastating network worm using security software flaws as the attack vector.

Something new to look out for?

Source: eWeek

Posted in: Exploits/Vulnerabilities, Security Software

, , , , , , ,


Latest Posts:


Sooty - SOC Analyst All-In-One CLI Tool Sooty – SOC Analyst All-In-One CLI Tool
Sooty is a tool developed with the task of aiding a SOC analyst to automate parts of their workflow and speed up their process.
UBoat - Proof Of Concept PoC HTTP Botnet Project UBoat – Proof Of Concept PoC HTTP Botnet Project
UBoat is a PoC HTTP Botnet designed to replicate a full weaponised commercial botnet like the famous large scale infectors Festi, Grum, Zeus and SpyEye.
LambdaGuard - AWS Lambda Serverless Security Scanner LambdaGuard – AWS Lambda Serverless Security Scanner
LambdaGuard is a tool which allows you to visualise and audit the security of your serverless assets, an open-source AWS Lambda Serverless Security Scanner.
exe2powershell - Convert EXE to BAT Files exe2powershell – Convert EXE to BAT Files
exe2powershell is used to convert EXE to BAT files, the previously well known tool for this was exe2bat, this is a version for modern Windows.
HiddenWall - Create Hidden Kernel Modules HiddenWall – Create Hidden Kernel Modules
HiddenWall is a Linux kernel module generator used to create hidden kernel modules to protect your server from attackers.
Anteater - CI/CD Security Gate Check Framework Anteater – CI/CD Security Gate Check Framework
Anteater is a CI/CD Security Gate Check Framework to prevent the unwanted merging of filenames, binaries, deprecated functions, staging variables and more.


2 Responses to Serious Symantec Anti-Virus Vulnerability

  1. pissed off pc owner July 11, 2006 at 12:33 pm #

    Let me break the ice in case there are any other people who are currently dealing with this hell too. And that is absolutely no understatement; I am already pondering the possible leagal routes I can pursue when my lovely 2 1/2 year old Gateway desktop will finally once and for all be dead/ not mine/ property of the freeloading asshole who is probably keylogging what I’m writing right now!!!!!!

    This is the end result of security software that I paid for! I really hope someone finds more about the exact nature of this, because I am physically, emotionally, and ye, even spiritually drained from trying in vain to wrestle MY FUCKING DESKTOP away from some remote ghost.

  2. kev September 3, 2006 at 4:06 pm #

    change your keyboard they can contain built in loggers!(built in)
    also check that there is No devices or usb / ps/2 adapters between your keyboard and your tower… these can also contain keyloggers,
    they look like ordinary usb/ps2 adapters no joke!!
    further to this you need to look inside your tower and ensure you don’t have any usb extenders ….if you have replace em
    as sometimes they have one extra internal usb port …it is also possible to plus usb logger in there too,
    all of the above are very effective as they don’t slowdown your pc
    …hence no give away symtoms…that your being logged!

    when youve done they above do a full system scan withe a good
    reputable antivirus software….”this will weed out any software type loggers”…..if your machine is perhaps slow!! this may be a dead give away that you perhaps have have this variety
    a lot of loggers these days can be remote accessed!

    hope the above helps!
    regards kev

    i hope the above helps you!