Symantec released patches for a vulnerability found in a large number of its products, including flagship titles such as BrightMail AntiSpam, AntiVirus Corporate Edition, and its 2004 consumer slate.
According to rival Internet Security Systems' X-Force research group, which discovered the flaw, the bug is in the DEC2EXE module of the Symantec Antivirus Library, a part of the scanning engine that's able to peek into compressed executable files squeezed with the UPX (Ultimate Packer for eXecutables) format.
“This vulnerability can be triggered by an unauthenticated remote attacker, without user interaction, by sending an email containing a crafted UPX file to the target Symantec AntiVirus Library on client, server, and gateway implementations,” said X-Force in its advisory. A successful attack could give the attacker complete control of the supposedly-protected system.
Symantec posted a security alert on its website that listed the 29 vulnerable Windows (and Macintosh) products, along with recommendations to update and/or upgrade the flawed software.
The security giant spun the news by claiming that even before ISS notified it of the vulnerability, it had already removed the DEC2EXE module from the scan engine upgrades in most of its products. It now plans to strip the offending module from all affected versions during upcoming maintenance releases.
-1.jpg&w=100&c=1&s=0)
.png&w=100&c=1&s=0)
