As per an advisory posted on eEye’s Web site, the flaw does not require any end user interaction for exploitation and can compromise affected systems, allowing for the execution of malicious code with SYSTEM level access.
The most worrisome fact is that that after the vulnerability is exploited; hacker gains accesses to a command shell. This signifies that the attacker would be able to perform just about any action, and opens up the possibility of a worm automatically infecting systems.
According to a survey made by researchers, the problem potentially affects millions of Symantec users. More than 200 million systems use Symantec’s antivirus software.
Headquartered in Cupertino, California-Symantec also has accepted the vulnerability in its Norton Antivirus product as a high impact risk and has issued a range of intrusion detection signatures (IDS) and intrusion prevention signatures (IPS) as a temporary fix for users.
All the same the security software maker company thanked the researchers at intrusion prevention software company eEye Digital Security, who brought the vulnerability to the attention of Symantec and the world.
In its statement the company said, “Symantec was notified that Symantec Client Security and Symantec AntiVirus Corporate Edition are susceptible to a potential stack overflow. Exploiting this overflow successfully could potentially cause a system crash, or allow a remote or local attacker to execute arbitrary code with System level rights on the affected system,” adding that “Symantec would like to thank eEye Digital Security for reporting this issue, and working with us on the resolution.”
The range of IDS and IPS to signatures, which has released by the Symantec, is available to consumer via its LiveUpdate service.
The company says, “As a mitigation strategy, Symantec Security Response has also made available IPS signatures for Symantec Client Security to protect against exploits of the described vulnerability. Symantec recommends customers immediately apply the latest Security Update to protect against potential related attacks.”
This is not the first time the security software maker has been criticized for such issues rather trapped with such missteps over the years. Recently, numerous problems have surfaced, including flaws in its Scan Engine product, as well as a critical flaw in the way it scans RAR files.
In addition, Symantec has been apprehended using a rootkit-like feature in its products, and has suffered financial blow from a $1 billion tax bill owed by Veritas, which was bought by Symantec in 2004.