Symantec Plugs High Risk AV Engine Flaw

The anti-virus vendor ships a new version of its scan engine to correct a potentially serious security vulnerability.

Anti-virus specialist Symantec Corp. has confirmed a high-risk vulnerability in multiple enterprise-facing products and warned that a successful exploit could lead to code execution attacks.

The company released a security alert to acknowledge the flaw, which was flagged in the Symantec Antivirus Scan Engine: Web Service Administrative Interface.

"The remote exploitation of a buffer overflow vulnerability in the Web-based Administrative Interface of the Symantec AntiVirus Scan Engine could potentially allow remote attackers to execute arbitrary code on a targeted system," the company warned.

The vulnerability carries a "high risk" rating.

The vulnerability is due to insufficient validation of user input in HTTP requests passed to the Scan Engine Web Service. A malicious hacker with access to an exposed administrative port could supply a maliciously crafted HTTP request to launch harmful code.

"[This] could potentially result in the execution of arbitrary code and unauthorized privileged access to the targeted system," Symantec said.

Successful exploitation allows arbitrary code execution with SYSTEM privileges, but requires the ability to send HTTP requests to port 8004/tcp. Affected users could also be at risk of denial-of-service attacks.

The vulnerability has been confirmed in the Symantec AntiVirus Scan Engine (version 4.0 and 4.3) and several enterprise-facing products that use the scan engine.

Patches to correct the vulnerability have been posted online.


Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at Security Center Editor Larry Seltzers Weblog.