A serious security flaw has hit several Symantec security products, many of which are in widespread use, says the company.
The vulnerability is serious enough to have been been classified as “high risk”. According to the Symantec site, the vulnerable component “fails to do proper bounds checks when analyzing certain container files for virus content. An attacker sending a specifically crafted UPX file could potentially compromise the targeted system.”
The company advises that systems which have not been upgraded to the latest version of any Symantec product should be immediately updated.
The list of affected products is long and wide, and includes:
Gateway Security 1.0/2.0
Norton Internet Security 2004
Norton Internet Security 2004 Professional
Norton SystemWorks 2004
AntiVirus Corporate Edition 8.0/9.0
AntiVirus for Caching 4.0
AntiVirus for Network Attached Storage 4.0
AntiVirus for SMTP Gateways 3.0
AntiVirus Scan Engine 4.0
Symantec AntiVirus/Filtering for Domino
Brightmail AntiSpam 4.0/5.0
Client Security 1.0/2.0
Mail Security for Exchange 4.0
Mail Security for SMTP 4.0
Norton AntiVirus 2004
Norton AntiVirus for Microsoft Exchange 2.0
Web Security 3.0
The Internet Patrol is completely free, and reader-supported. Your tips via CashApp, Venmo, or Paypal are appreciated! Receipts will come from ISIPP.
The full list, details, and update links can be found at the Symantec Security Response site.
The Internet Patrol is completely free, and reader-supported. Your tips via CashApp, Venmo, or Paypal are appreciated! Receipts will come from ISIPP.