Symantec Warns Of Flaw In Antivirus Program

Symantec Corp. is warning its customers about a security vulnerability within its antivirus application. The Internet security vendor ranks the flaw as "medium," while security research group Secunia pegged the flaw as "moderately critical."

The flaw, which resides within Symantec's Norton AntiVirus 2004 application, could let attackers run code of their choice on a user's system, launch unauthorized pop-ups, or even create a denial-of-service condition to freeze Symantec's antivirus application. Virus and worm writers are increasingly attempting to disable antivirus and personal firewall security applications, so a flaw such as this would be a prime target for virus writers seeking to disable a user's defenses.

The flaw resides within the way an ActiveX control within Norton AntiVirus fails to properly verify or validate information sent to it. Symantec recommends that all Norton AntiVirus users run the LiveUpdate feature to fix the ActiveX control security vulnerability.

According to Symantec's report, issued late Thursday, hackers attempting to launch malicious applications on a user's system would have to use malware already installed in the system and know the location of the application before being able to launch. The most likely scenario for this type of attack would be hackers luring users to download some type of malicious application from a Web site or to download an E-mail attachment.

It's the second time this month that Symantec users have been advised to patch their security applications. On May 12, Symantec posted a security advisory and a handful of patches to fix several flaws within its consumer and corporate security software. Those flaws affected the consumer versions of Norton AntiSpam, Norton Internet Security and Professional, as well as Norton Personal Firewall for the years 2002 through 2004. Security holes within Symantec's corporate security software, Symantec Client Firewall 5.01 and 5.1.1 and Symantec Client Security 1.0, 1.1, and 2.0 also were disclosed.