DV Hardware - bringing you the hottest news about processors, graphics cards, Intel, AMD, NVIDIA, hardware and technology!

   Home | News submit | News Archives | Reviews | Articles | Howto's | Advertise
 
DarkVision Hardware - Daily tech news
October 23, 2017 
Main Menu
Home
Info
News archives
Articles
Howto
Reviews
 

Who's Online
There are currently 130 people online.

 

Latest Reviews
Jaybird Freedom 2 wireless sport headphones
Ewin Racing Champion gaming chair
Zowie P-TF Rough mousepad
Zowie FK mouse
BitFenix Ronin case
Ozone Rage ST headset
Lamptron FC-10 SE fan controller
ZOWIE G-TF Rough mousepad
 

Follow us
RSS
 

Symantec software was vulnerable to malicious RAR files

Posted on Wednesday, September 21 2016 @ 16:15:13 CEST by


Symantec logo
Anti-virus software is designed to protect you against dangers but unfortunately this sometimes backfires because just like all other software, security tools contain vulnerabilities that can be abused by attackers.

This is exactly what happened to Symantec as Google security researcher Tavis Ormandy discovered it's possible to execute arbitrary code by crafting a RAR file with malicious code hidden inside its header. Ormandy writes Symantec used an ancient version of unrarsrc that hadn't been updated for years, despite publicly documented flaws. This made it possible to crash Symantec's software due to an out-of-bounds read error (CVE-2016-5309) or memory corruption (CVE-2016-5310).

Symantec claims it's a mild vulnerability that enabled an application-level denial of service condition but Ormandy does not agree with this assessment and claims these are remote code execution vulnerabilities at the highest possible privilege level. He also released proof-of-concept code.
A large number of Symantec products are affected, such as the company's flagship product, the Symantec Endpoint Protection (for Mac, Linux, and Windows), Symantec Endpoint Protection Cloud (SEPC) (for Mac and Windows), Symantec Protection Engine, Symantec Web Gateway, and many of its other enterprise and server solutions.
As Softpedia reports, Symantec fixed all issues with patches, which will be distributed via the firm's LiveUpdate software.



 



 

DV Hardware - Privacy statement
All logos and trademarks are property of their respective owner.
The comments are property of their posters, all the rest © 2002-2017 DM Media Group bvba