
Flaw in Symantec security tool
Date: May 29, 2006Source: itp.net
By:
Researchers have exposed a flaw in Symantec’s corporate anti-virus software, which could allow hackers to gain control of an affected computer.
Symantec has now confirmed the existence of the vulnerability on its website, but has yet to release a patch to secure the affected versions. Its website is currently offering detection tools to help organisations detect attempts to exploit the flaw, although at this stage no exploits are known to exist.
The flaw – a stack overflow in Symantec Client Security version 3.0 and above and Symantec AntiVirus Corporate Edition version 10.0 and above – was discovered by researchers at eEye Digital Security on May 24. Symantec released a statement the following day, and confirmed the vulnerability on May 26.

