Explore the latest news and trends  

Keep yourself up to date with one of the following options:

  • Explore more news around Spam/Phishing, Malware/Cyber-attacks and Antivirus
  • Receive news and special offers from SPAMfighter directly in your inbox.
  • Get free tips and tricks from our blog and improve your security when surfing the net.
Go

Symantec Fixes Buffer Overflow Error

Security Company Symantec has developed a product update to repair buffer overflow vulnerability, which could allow a remote hacker to gain control of the affected system.

Although vulnerabilities that help to take control over a system are regarded as "critical bugs", Symantec rated the flaw a medium danger. According to US-CERT, the flaw could also enable a hacker to initiate crash down of victim's browser. Researchers at the US-CERT reported the vulnerability to Symantec, as published by ITnews on May 18, 2007.

Symantec's problem is due to an ActiveX control but that would only affect Norton Internet Security, Norton Anti-Virus, and Norton System Works, all for versions 2005 and 2006. Symantec said it fixed this problem. IDefense Labs that first discovered the flaw has its details.

The Norton Internet Security product of Symantec is based on Windows system that covers anti-virus, firewall, privacy protection and intrusion detection as well as spam and content filtering. An ActiveX control is a bunch of rules based on which applications use information.

The success of the vulnerability exploit relies on an attacker's luring tactics on a user to seeing malicious html code. For this, the hacker dispatches probable victims' e-mail carrying malicious attachment or a link connecting to a website that has an embedded malicious code. Symantec reported through an advisory that it has not found any incident of the bug exploitation so far in the wild.

Virus Bulletin has found that the serious flaws in the past few months emerged in products from the major security vendors, Symantec, McAfee and Computer Associates. It reports patches have been issued for all but a user must update to patch his/ her copy. For the present, users must ensure right configuration of their security software for automatic updates.

Virus Bulletin said the most severe of the three failures was a buffer overflow that affected many McAfee products. A site taking advantage of this error could takeover a user's system by corrupting the ActiveX control. Security firm Secunia rated the flaw "highly critical". Meanwhile, McAfee had patched it during late March 2007.

Related article: Sentence for American Contractor for Sabotaging Government Navy Computers

» SPAMfighter News - 23-05-2007

3 simple steps to update drivers on your Windows PCSlow PC? Optimize your Slow PC with SLOW-PCfighter!Email Cluttered with Spam? Free Spam Filter!

Exchange Anti Spam Filter
Go back to previous page
Next