Personal Tech Pipeline | News | Symantec Bug Not Cut Out For Worm, Says Rival

White Papers

Sponsor Resources

WebCasts
Free Newsletter GlossaryContact UsAbout Us
Players & CamsPhones & PDAsHome & AutoOnline

December 23, 2005

Symantec Bug Not Cut Out For Worm, Says Rival



Courtesy of TechWeb News

The vulnerability in Symantec's anti-virus line disclosed earlier this week isn't a big risk, a rival security firm said Friday.

Internet Security Systems' X-force research group said in an online alert that although the vulnerability is serious, the "likelihood of this vulnerability being leveraged by a worm is low."

The bug in Symantec's AntiVirus Library, a component shared among more than 60 titles in the Cupertino, Calif.-based company's security line-up, was made public earlier this week. The Library can be compromised by sending a malicious RAR archive file as an e-mail attachment, which then creates a heap overflow on the victimized PC or Mac. That condition could allow the attacker to introduce his own code remotely, without any user interaction.

Internet Security System (ISS), however, noted that a successful exploitation of the flaw requires a very large RAR file, one in the 35-40MB range.

"Files this large are not generally passed by mail servers and [so we] can eliminate this as a vector for a worm," continued the ISS alert.

Symantec has pushed out an update that should spot any attempt to exploit the bug, but it has not yet produced patches to fix the underlying flaw.

E-mail This Story
Print This Story
Reprint This Story




Get the latest Personal Tech news, product info, and trends every week.


Related Content

  Right-click and choose Copy to extract RSS Feed URL  Personal Tech Pipeline's Main RSS Feed
  Right-click and choose Copy to extract RSS Feed URL  Personal Tech Pipeline's Blog RSS Feed

<A HREF="http://as.cmpnet.com/event.ng/Type=click&amp;FlightID=43527&amp;AdID=86369&amp;TargetID=3743&amp;Segments=1411,1892,3108,3448,4526,4760&amp;Targets=1491,2625,2878,3743&amp;Values=34,46,51,63,77,85,90,100,140,222,227,399,442,645,646,659,1184,1405,1431,1785,1798,1901,1925,1945,2217,2299,2310,2329,2352,2678,2787,2862,2956,3229,3347,3385&amp;RawValues=&amp;Redirect=http://www.cmp.com/resources/res_whitepapers_main.jhtml?cid=b2b_feet" target="_top"><IMG SRC="http://i.cmpnet.com/ads/graphics/as5/ps/blank.gif" WIDTH=300 HEIGHT=250 BORDER=0></A>

Keeping Up To Date On Enterprise Server Tech?
Review our compilation of columns on server security, database software, and Linux issues.
How to Achieve High Performance Through IT
Learn to achieve high performance by aligning IT to
strategic objectives and solutions to unlock that value.
Using Current Performance to Shape
Future Results

Hear new strategies for improving business
performance and results.

Editor's Picks

Well, Microsoft has "unfolded" its "Origami" ultra-mobile PC platform Thursday. It turned out to be a full-featured PC smaller than a tablet but bigger than a PDA. Are you impressed?
Yes! I want one!
Sort of. We'll see.
No! It's too big for a pocket and too small for real computing. What's the point?


In search of personal tech products? See our new Product Finder, where you'll find personal computing devices, communications solutions, security products, and more.



PERSONAL TECH PIPELINE MARKETPLACE (sponsored links)
Symantec Backup Solutions
Desktop to Data Center Protection. Explore the Official Symantec Site.

ibm.com Business sale
through March 31 save 10% on select IBM eServer� IntelliStation� and xSeries� Express models, 5% on select warranty products, 10% on IBM Certified Used Equipment including notebooks and desktops and 70% on Storage Enterprise Server (2105-800P)

Save Big On IBM Certified Used Equipment
IBM Quality at a fraction of the price of new! IBM Certified Used Equipment provides access to a broad selection of used IBM systems, upgrades and features, including newer equipment. All systems are factory-refurbished with a 3-month guarantee.

Buy, Sell or Rent Used Cisco Equip-Save up to 85%
Digital Warehouse buys, sells, & rents used Cisco networking hardware such as routers & switches, as well as Juniper, Extreme & Foundry at 50-80% off list price. One year warrantee and fast delivery.

Flexible Anti-Spam Solution - CanIt-PRO
Stop spam on your terms with CanIt-PRO, the most flexible and customizable anti-spam solution available for the mail server. Offers per-user or per-group controls and is available as software or hardware appliance.


Buy a Link Now


Top ten search terms from the TechWeb TechEncyclopedia
How does your pay rate? Check the InformationWeek Salary Survey
Mobilized Solutions Guide: Find and compare solutions for your business
Top Requested White Paper Categories from TechWeb White paper Library
Top ten search terms from the TechWeb TechEncyclopedia