February 10, 2005
Symantec Software Virus Vulnerability
Symantec anti-virus software users should update their software as soon as possible. The company has admitted there is a vulnerability that may actually execute a virus rather than block it. It affects the majority of Symantec's antivirus and antispam products including Norton Systemworks and Symantec Mail security."This could allow an attacker to potentially exploit high-profile systems used to filter malicious data, and potentially allow further compromise of targeted internal networks." The problem exists in how the scanning code handles a compression format known as the Ultimate Packer for Executables (UPX). An attacker could create a virus designed to exploit the UPX flaw and send it to victims through e-mail or host it on a Web site. An unpatched Symantec scanner checking incoming e-mail or the Web pages that users browse would run the program instead of catching the virus.
