DV Hardware - bringing you the hottest news about processors, graphics cards, Intel, AMD, NVIDIA, hardware and technology!
   Home | News submit | News Archives | Reviews | Articles | Howto's | Advertise
DarkVision Hardware - Daily tech news
July 19, 2019 
Main Menu
News archives

Who's Online
There are currently 183 people online.


Latest Reviews
Ewin Racing Flash gaming chair
Arctic BioniX F120 and F140 fans
Jaybird Freedom 2 wireless sport headphones
Ewin Racing Champion gaming chair
Zowie P-TF Rough mousepad
Zowie FK mouse
BitFenix Ronin case
Ozone Rage ST headset

Follow us

Symantec software was vulnerable to malicious RAR files

Posted on Wednesday, September 21 2016 @ 16:15:13 CEST by

Symantec logo
Anti-virus software is designed to protect you against dangers but unfortunately this sometimes backfires because just like all other software, security tools contain vulnerabilities that can be abused by attackers.

This is exactly what happened to Symantec as Google security researcher Tavis Ormandy discovered it's possible to execute arbitrary code by crafting a RAR file with malicious code hidden inside its header. Ormandy writes Symantec used an ancient version of unrarsrc that hadn't been updated for years, despite publicly documented flaws. This made it possible to crash Symantec's software due to an out-of-bounds read error (CVE-2016-5309) or memory corruption (CVE-2016-5310).

Symantec claims it's a mild vulnerability that enabled an application-level denial of service condition but Ormandy does not agree with this assessment and claims these are remote code execution vulnerabilities at the highest possible privilege level. He also released proof-of-concept code.
A large number of Symantec products are affected, such as the company's flagship product, the Symantec Endpoint Protection (for Mac, Linux, and Windows), Symantec Endpoint Protection Cloud (SEPC) (for Mac and Windows), Symantec Protection Engine, Symantec Web Gateway, and many of its other enterprise and server solutions.
As Softpedia reports, Symantec fixed all issues with patches, which will be distributed via the firm's LiveUpdate software.



DV Hardware - Privacy statement
All logos and trademarks are property of their respective owner.
The comments are property of their posters, all the rest © 2002-2019 DM Media Group bvba