Home > Domino News > Symantec AntiVirus Corporate Edition vulnerable to flaw
Domino News:
EMAIL THIS

Symantec AntiVirus Corporate Edition vulnerable to flaw

By Bill Brenner, Senior News Writer
31 May 2006 | SearchSecurity.com

Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   

Attackers could launch malicious code to gain system-level privileges by exploiting a flaw in Symantec AntiVirus Corporate Edition 10, Aliso Viejo, Calif.-based eEye Digital Security Inc. has warned in an advisory.

The company labeled the security hole "high-severity" and Cupertino, Calif.-based Symantec Corp. said it is investigating eEye's findings. Details on the exact nature of the vulnerability were not immediately available.

"This flaw does not require any end-user interaction for exploitation and can compromise affected systems, allowing for the execution of malicious code with system-level access," eEye said in its brief advisory.

In its advisory detailing the AntiVirus Corporate Edition 10 flaw, Symantec said its Norton products "do not contain the code affected by this potential vulnerability, and none of the Norton products are affected by this issue." The company said its product teams are investigating and, if necessary, "we will provide updates for all currently supported products to resolve this issue."

Symantec added that it's not aware of any customers that have been affected by the flaw. "There is no known exploit code currently in the wild that takes advantage of this reported vulnerability," the company said.

For now, Symantec said AntiVirus Corporate Edition customers can mitigate the threat by:

  • Blocking external access at the network boundary, unless external parties require service.
  • Filtering access to the affected computer at the network boundary if global accessibility is not required.
  • Restricting access to only trusted computers and networks.
  • Deploying network intrusion detection systems (IDS) to monitor network traffic for malicious activity.
  • Not accepting or executing files from untrusted or unknown sources.
  • Avoiding the acceptance of or executing files that originate from users of questionable integrity.

    This article originally appeared on SearchSecurity.com.

    Tags: Lotus Notes Domino Antivirus Software and Virus ProtectionProductVIEW ALL TAGS

    Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   



    RELATED CONTENT
    Lotus Notes Domino Antivirus Software and Virus Protection
    Protect Lotus Notes from malicious code with the Domino ECL
    Online crime as ugly as ever
    McAfee sued for patent infringement
    Antivirus researcher Gullotto leaves Symantec for Microsoft
    McAfee products vulnerable to code execution flaw
    JavaScript worm spreads through Yahoo Mail
    Virus onslaught sickens smartphones
    New Sober variant hits inboxes
    Data shows spyware becoming 'global pandemic'
    Alleged virus spreader held without bond

    Product
    Lotus makes mobile partnerships and Notes Traveler top priorities
    IBM Lotus to end Notes/Domino 7.x support
    Looking forward, IBM Lotus needs back-end improvements
    WebSphere is a world of trouble, Domino readers say
    IBM releases HR accelerator for SAP and WebSphere
    Lotusphere 2007 recap
    IBM expands interoperability in Sametime IM tool
    Mobility adds muscle to gym equipment vendor
    BlackBerry battles for mobility domination
    Latest Ajax tools from Nexaweb target SOA, Web 2.0

    RELATED RESOURCES
    2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
    Search Bitpipe.com for the latest white papers and business webcasts
    Whatis.com, the online computer dictionary



    • Lotus Notes Server Solutions - Quickr, Domino Server, Websphere
    HomeTopicsITKnowledge ExchangeTipsAsk the ExpertsMultimediaWhite PapersDomino IT Downloads
    About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
    SEARCH 
    TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.

    TechTarget Corporate Web Site  |  Media Kits  |  Site Map




    All Rights Reserved, Copyright 1999 - 2009, TechTarget | Read our Privacy Policy     		  TechTarget - The IT Media ROI Experts