Vulnerability reported in Symantec Anti-virus

From: Allison Henry <akhenry_at_berkeley.edu>
Date: Fri May 26 2006 - 10:58:44 PDT

As you may be aware, a vulnerability was recently reported in Symantec
Anti-virus desktop software that if, exploited, could allow an attacker
to execute malicious code with SYSTEM level access (see information
below). The version of Symantec Anti-virus available on
http://software.berkeley.edu, and included in the C_at_B CD, is vulnerable
to this exploit. SNS is aware of the vulnerability and is working on
solutions to help mitigate the threat.

Please be aware that this vulnerability has been reported to Symantec by
a security research group, and no exploits of this vulnerability have
been released at this time. Symantec will be releasing an update
shortly, so to prepare make sure your LiveUpdate software is working
properly so you can receive updates when they become available. When an
update is released or we get any new information on this issue, we will
update the appropriate mailing lists.

For more information:

http://www.cnn.com/2006/TECH/internet/05/25/antivirus.flaw.ap/index.html

and

http://eeye.com/html/research/upcoming/20060524.html

Upcoming Advisories

Date Reported:
May 24, 2006

Vendor:
Symantec

Description:
A remotely exploitable vulnerability exists within the Symantec
Antivirus program. This flaw does not require any end user interaction
for exploitation and can compromise affected systems, allowing for the
execution of malicious code with SYSTEM level access.

Severity:
High (Remote Code Execution)

Remote Code Execution:
Yes

Software Affected:
Symantec Antivirus 10.x
Symantec Client Security 3.x
(Other Symantec Antivirus products are also potentially affected,
waiting for vendor list)

Status:
Initial report stage 

-- 
Allison Henry
System and Network Security
University of California, Berkeley
http://security.berkeley.edu
------------------------------------------------------------------------
The following was automatically added to this message by the list server:
For information about Micronet, including subscribing to
or unsubscribing from its mailing list and finding out
about upcoming meetings, please visit the Micronet Web site:
<http://micronet.berkeley.edu/>.
Received on Fri May 26 11:05:38 2006

This archive was generated by hypermail 2.1.8 : Fri May 26 2006 - 11:05:40 PDT