Researcher Claims Online Anti-virus Scanners Buggy
UPDATED: Online scanners from Symantec, McAfee and Panda all contain buffer overflows. One researcher claims an attacker could execute arbitrary code, another just that they could crash the browser. Panda reportAn Israeli security researcher claims to have found security holes in the free online scanners of three major anti-virus companies. Rafel Ivgi, also known as "The Insider," in posts to several security mailing lists, claims that Panda ActiveScan, McAfee FreeScan, and Symantec Virus Detection all suffer from buffer overflows that could allow an attacker to crash the system and potentially execute arbitrary code. Within several hours Panda Software reported that they had updated their control to fix the problem, and recommend that all users who have used ActiveScan in the past visit the site and run it in order to update the control.
Symantec states that "Symantec has reviewed the claim and has confirmed that there is not a buffer overflow and no arbitrary code can be executed with Symantec Security Check." McAfee states "McAfee Security has reviewed the code in McAfee FreeScan and found that the application cannot be exploited to cause a buffer overflow, no memory corruption can occur, nor can remote code be executed as described by Rafel Ivgi. Should a user be lured to a Web site that attempts to exploit the McAfee FreeScan ActiveX object, the only potential result would be that users would see an error in their Web browser, resulting in a crash in that session only. This does not represent a serious threat to end users; however, McAfee will release an update that will correct this behavior."
Be sure to add our eWEEK.com security news feed to your RSS newsreader or My Yahoo page: