Buffer overflow vulnerability found in corporate AV software.
Symantec
was quick to respond late last month to the discovery of a potentially critical vulnerability in the latest versions of its corporate anti-virus software.
The stack overflow vulnerability, which was discovered by researchers at
eEye Digital Security
in
Symantec Client Security 3.x
and
Symantec AntiVirus Corporate Edition 10.x
, would potentially allow remote attackers to execute code on the affected machine – without any user interaction.
Symantec
responded to the discovery by releasing a series of intrusion prevention signatures for the affected versions of the software. The company was also quick to point out that it was not aware of any customers affected by the vulnerability, or of any exploits of the vulnerability.
Posted on 01 June 2006 by
Virus Bulletin
Leave a Reply