The flaw affects the majority of Symantec's enterprise and consumer security products - including antivirus, antispam and even firewalls - and can be exploited using a specially crafted virus or Web page. According to Symantec, the vulnerability allows the attacker to exploit a buffer overflow and launch arbitrary code on a vulnerable machine.
Tim Hartman, senior technical director for Symantec Asia Pacific, told ZDNet Australia that the flaw was discovered in a software 'engine' that is used to deliver virus definitions to the majority of the company's products.
"A vulnerability is not a vulnerability till somebody discovers it but because this is now known, somebody could craft an e-mail, mass mailer or a virus that takes advantage of it. It affects our firewalls, antispam, all the retail products and the enterprise products as well," said Hartman.
According to Hartman, Symantec's priority is to ensure all of its customers either install a patch to plug the hole or upgrade to the latest version - which he said are not vulnerable.
"The best thing to do is upgrade but that is up to the discretion of the user. The problem is that not everybody upgrades and not everybody updates so there are still quite a few legacy systems out there that have this vulnerability," said Hartman.
This most recent flaw is an embarrassment for Symantec, which has been the subject of criticism over the past four months for continuing to ignore a flaw in its consumer antivirus products that enable malicious scripts to deactivate the application's real time scanning feature -- leaving the victim's computer completely defenceless.
Additionally, within hours of announcing the most recent flaw in its products, Symantec issued a statement to clarify that Microsoft's acquisition of Sybari Software, which develops security software that can be used with Microsoft Exchange and Lotus Notes messaging servers, will not affect third party security suppliers because Sybari does not own a core scanning technology for either antivirus or antispam.
According to the Symantec statement, the acquisition will help Microsoft integrate antivirus solutions with Exchange but will still require a scanning engine and support infrastructure from one or more third party antivirus and antispam vendors.
"This acquisition does not provide Microsoft with the security and antivirus response infrastructure necessary to support the virus protection needs of enterprise customers. Detection is only as strong as the best engine plugged into the solution," the statement said.
Congratulations ZDnet and Thanks Dan!
NAV has not been a valid product for over seven months now. The ACCC need to investigate the false claims of retailers selling products that consistently fail to protect consumers. Even when patched, keep an eye on your hosts file - the trojan attack vector will aim to turn off auto-update features before leaving backdoors and keyloggers. ALternatively, look at PROCESS GUARD - another ZDnet tip. It protects the executable files of your AV from attack. In fact, you can even block any service you want from playing behind your back.