Computer Crime Research Center


Flaw in Symantec security tool

Date: May 29, 2006
By: Eliot Beer

Researchers have exposed a flaw in Symantec’s corporate anti-virus software, which could allow hackers to gain control of an affected computer.

Symantec has now confirmed the existence of the vulnerability on its website, but has yet to release a patch to secure the affected versions. Its website is currently offering detection tools to help organisations detect attempts to exploit the flaw, although at this stage no exploits are known to exist.

The flaw – a stack overflow in Symantec Client Security version 3.0 and above and Symantec AntiVirus Corporate Edition version 10.0 and above – was discovered by researchers at eEye Digital Security on May 24. Symantec released a statement the following day, and confirmed the vulnerability on May 26.

Original article

Add comment  Email to a Friend

Copyright © 2001-2013 Computer Crime Research Center
CCRC logo