Symantec hole plugged
by Nikola Strahija on May 28th, 2006 Well, guess that the Speed Patching Cup is going to the Symantec company, for patching the Client Security and Anti-virus Corporate Edition holes.
Only days from receiving the zero-day vulnerability report, the Symantec company has managed to produce a patch for both affected products. Furthermore, the company also issued the intrusion detection system signatures to detect attempts to exploit the issue, although it has not yet received any notice of this vulnerability being exploited.
This flaw was given a highly critical rating. Exploiting the stack overflow successfully could potentially cause a system crash, or allow a remote or local attacker to execute arbitrary code with System level rights on the affected system, says the Symantec advisory.