The security researcher Tavis Ormandy, who works for the Project Zero team of Google in order to find security holes and vulnerabilities in the systems, found that the Symantec Antivirus Engine is vulnerable to external attacks while parsing header files PE (portable -executable) in an incorrect format. In these cases there may be a buffer overflow resulting in a system crash. It is not the first time that a bug is discovered in an anti-virus system, but not often that these vulnerabilities are active on all platforms as a last case discovered by Ormandy.
"These malformed PE file can be received incoming, download documents or applications by e-mail or by visiting a malicious website," wrote the researcher describing the newly discovered flaw in the Symantec system. "No user interaction is required to launch the analysis of the invalid file. On Windows, this results in the corruption of kernel memory as the engine that deals with the scan is loaded into the kernel. In this way, vulnerability becomes remote type ring0 memory corruption ".
For other operating systems, like Linux, OS X and other Unix-based software, the exploit it is manifested as a remote heap overflow as the root user in the Symantec or Norton process. According to noted Symantec Vulnerability, "the most common result of an attack carried out with success" might be a system crash or BSOD, the infamous blue screen of death. However all'exploit give life does not even require the 'user interaction, such as Ormandy has reported: "Since Symantec uses a driver to intercept all the I / O system, simply send a file to a victim or send link to exploit the bug. "
The positive part is that Symantec has already circulated on Monday a fix for its products, saying that anyone who uses LiveUpdate should already have received and installed the patch. To be affected by the vulnerability were the following software on all available platforms: Symantec Endpoint Antivirus, Norton Antivirus, Symantec Scan Engine Symantec Email Security. It is not the first time you found a bug on a virus, with the Project Zero who has in the past slapped other famous brands in the industry, such as Kaspersky, Avast, FireEye, AVG and Malwarebytes.
"These malformed PE file can be received incoming, download documents or applications by e-mail or by visiting a malicious website," wrote the researcher describing the newly discovered flaw in the Symantec system. "No user interaction is required to launch the analysis of the invalid file. On Windows, this results in the corruption of kernel memory as the engine that deals with the scan is loaded into the kernel. In this way, vulnerability becomes remote type ring0 memory corruption ".
For other operating systems, like Linux, OS X and other Unix-based software, the exploit it is manifested as a remote heap overflow as the root user in the Symantec or Norton process. According to noted Symantec Vulnerability, "the most common result of an attack carried out with success" might be a system crash or BSOD, the infamous blue screen of death. However all'exploit give life does not even require the 'user interaction, such as Ormandy has reported: "Since Symantec uses a driver to intercept all the I / O system, simply send a file to a victim or send link to exploit the bug. "
The positive part is that Symantec has already circulated on Monday a fix for its products, saying that anyone who uses LiveUpdate should already have received and installed the patch. To be affected by the vulnerability were the following software on all available platforms: Symantec Endpoint Antivirus, Norton Antivirus, Symantec Scan Engine Symantec Email Security. It is not the first time you found a bug on a virus, with the Project Zero who has in the past slapped other famous brands in the industry, such as Kaspersky, Avast, FireEye, AVG and Malwarebytes.
Comments
Post a Comment