“Symantec has reported glitches in its antivirus software that could allow hackers to launch denial-of-service attacks on computers running the applications. In a notice posted on its Web site this week, Symantec detailed two similar vulnerabilities found in its Norton AntiVirus software, which is sold on its own or bundled in Norton Internet Security and Norton System Works. The flaws, which could lead to computers crashing or slowing severely if attacked, are limited to versions of the software released for 2004 and 2005.
The Information-Technology Promotion Agency of Japan, a government-affiliated tech watchdog group, identified the first instance of the problem in the AutoProtect feature of the Norton AntiVirus consumer product, Symantec said. AutoProtect is used to scan files for viruses, Trojan attacks and worms.”
The Information-Technology Promotion Agency of Japan, a government-affiliated tech watchdog group, identified the first instance of the problem in the AutoProtect feature of Norton AntiVirus. AutoProtect scans files for viruses, Trojans and worms.
Essentially Symantec's software crashes when it is asked to inspect a file specifically designed to exploit the flaw. The file could be submitted remotely from outside a system, or, internally by someone with physical access to a computer.
The second flaw, discovered by the Japan Computer Emergency Response team, can be used to launch denial-of-service attacks by scanning specific file modifications via the SmartScan feature of Norton AntiVirus. Malicious use of that vulnerability would specifically require someone with authorized access to a computer to exploit the issue. SmartScan is designed to scour for viruses hidden in file extensions, as well as in executable and document files.
No attacks related to either problem have been reported so far, according to Symantec.…
http://news.zdnet.com/2100-1009_22-5646871.html?tag=nl.e539
Posts
No comments:
Post a Comment