December 21, 2005 8:06 AM PST

'High' risk in Symantec antivirus software flaw

By Colin Barker
Special to CNET News.com

Share
- Digg
- Del.icio.us
- Reddit
- Facebook
Email
Print

Related Stories: Flaw found in Kaspersky antivirus
October 3, 2005; Symantec details flaws in its antivirus software
March 30, 2005; Another antivirus software flaw detected
March 17, 2005; F-Secure flaw opens door to intruders
February 11, 2005; Symantec flaw leaves opening for viruses
February 9, 2005; Symantec security product contains flaw
June 24, 2003; Symantec fixes Norton security flaw
November 11, 2002

Symantec's antivirus software contains a vulnerability that could be exploited by a malicious hacker to take control of a system, the company said late Tuesday.

According to Symantec, the bug, which affects a range of the company's security products, is a "high" risk. Denmark security company Secunia has labeled it "highly critical."

According to an advisory issued by Secunia, the bug affects most of Symantec's products, including enterprise and home user versions of Symantec AntiVirus, Symantec Norton AntiVirus and Symantec Norton Internet Security, across the Windows and Macintosh platforms.

The vulnerability is within Symantec AntiVirus Library, which provides file format support for virus analysis. "During decompression of RAR files, Symantec is vulnerable to multiple heap overflows allowing attackers complete control of the system(s) being protected," said security consultant Alex Wheeler, who first discovered the flaw. "These vulnerabilities can be exploited remotely, without user interaction, in default configurations through common protocols such as SMTP."

RAR is a native format for WinRAR, which is used to compress and decompress data. So far, the vulnerability has been reported in Dec2Rar.dll version 3.2.14.3 and, according to Wheeler, potentially affects all Symantec products that use the DLL. The full list of products affected can be seen here.

Symantec has not yet released a patch to address this problem. In the meantime, Wheeler recommends that users "disable scanning of RAR-compressed files until the vulnerable code is fixed."

This is not the first vulnerability Wheeler has discovered. In October, he highlighted a similar flaw in Kaspersky Lab's antivirus software, which was later acknowledged by the company. Again, it was a heap overflow vulnerability.

In February, he found a different heap overflow vulnerability in Symantec's antivirus software.

Colin Barker of ZDNet UK reported from London.

See more CNET content tagged:
Symantec AntiVirus, Symantec Corp., vulnerability, antivirus software, RAR

Latest tech news headlines

TechCrunch50: the day 1 schedule
Posted in Webware by Jonathan Skillings

September 8, 2008 7:12 AM PDT
McAfee brings nearly instant malware updates
Posted in News - Security by Robert Vamosi

September 8, 2008 7:03 AM PDT
Google announcement coming later today
Posted in Webware by Rafe Needleman

September 8, 2008 6:45 AM PDT

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.

More feeds available in our RSS feed index.

Inside CNET News

Scroll Left Scroll Right

News - Business Tech
IBM's EMEA revenue growth shaping up with same past path
IBM announces its third quarter revenue growth in Europe, the Middle East and Africa is shaping up to post a similar growth pattern as the first half of the year - a.k.a. a moderate IT spending environment.
Gallery
Photos: Top 10 reviews of the week
Here are CNET Reviews' 10 favorite items from the past week, including the TiVo HD XL, Sony Cyber-shot DSC-H50, and the Dish Network's newest digital TV converter box.
The Open Road
Disservice to partners may bite Apple
The Mac maker does many things right, but partner management is not one of them. Delays in App Store updates and general lack of communication is frustrating developers.
Coop's Corner
Chris Shipley 1, Internet lynch mob 0
Demo's impresario goes public with a tart and smartly written riposte to the shoot-from-the-lip crowd.
Video
Katie Couric reflects on first Webcast
The political conventions are over and so are CBS Evening News anchor Katie Couric's first series of Webcasts. CNET's Kara Tsuboi sat down with Couric on the final night of the Republican National Convention to discuss what she liked about Webcasting, some of her most memorable guests, and whether TV news will still be around by the next round of conventions.
News - Digital Media
Want top search results? Tread carefully
In the business of promoting Web sites to top search results, some push limits to find what tricks are allowed. But there's evidence the trade is getting more respectable.
Video
YouTube plays party politics
During the presidential campaigning four years ago, YouTube didn't even exist. Now it's a tool candidates must master to get their message across. CNET's Kara Tsuboi stops by the YouTube upload booths at the Democratic and Republican conventions to find out why Google's video site has such a big presence in Denver and St. Paul, Minn.
News - Gaming and Culture
Say Where brings voice recognition to iPhone apps
Forthcoming iPhone app from Dial Directions aims to give users a way to get information from sites like Yelp, MapQuest and others by speaking instead of typing.
News - Cutting Edge
Execs predict next Google-like tech
On eve of company's 10-year anniversary, researchers and business pundits speculate about what technologies might someday have as much impact as Google.
Gallery
Images: The art of 'Spore' prototypes
Will Wright and his Maxis team worked on dozens of prototypes to test the elements of their soon-to-be-released evolution game. Here's a sampling.
Webware
TechCrunch50: the day 1 schedule
The organizers of the vent have been playing their start-up cards close to the vest, but now we know who'll be presenting Monday.
Green Tech
TI does energy efficiency on a chip
Its line of Piccolo microcontrollers can reduce power consumption significantly of home appliances, hybrid cars, LED lighting, and even solar panels.