Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » Symantec flaw to affect 30 products

Symantec flaw to affect 30 products

by Nikola Strahija on February 9th, 2005 A cross-platform flaw has been discovered, affecting many Symantec security products, both consumer and enterprise. Users of Symantec's anti-virus applications and Brightmail anti-spam software (among others) all need to apply patches following the discovery of the "highly critical" security bug.


The vulnerability origins from a flaw in an antivirus-scanning component (called the DEC2EXE parsing engine) involving the handling of UPX compressed files.

Harmfully constructed UPX files could be created in order to cause a heap-based buffer overflow. This in turn makes it possible for malicious hackers to inject hostile code onto vulnerable systems, allowing them to be taken over by attackers.

Symantec said the vulnerable DEC2EXE engine is no longer required to parse compressed files. It had already planned to dispense with the component across its product range and the discovery of vulnerability by a security tools vendor has simply quickened the process.


Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »