Two flaws in alert handling unveiled.
Two separate vulnerabilites in the alert notification handling systems of
Symantec
products have been reported this week.
Symantec Client Security
and
Symantec AntiVirus Corporate Edition
are affected by the problems.
The problems are both format string errors, the first allowing code execution with escalated privileges and the second granting the power to crash the on-access scanning functionality of the software.
One of the bugs was reported by
Layered Defense Research
,
here
. The other is described in detail in
this alert
from
Symantec
. Both have been patched by the vendors, and users are advised to update their software.
Posted on 15 September 2006 by
Virus Bulletin
Leave a Reply