Internet security company Symantec has acknowledged that the flaw in 2 of its products (Symantec Client Security 3.1 and Antivirus Corporate Edition 10.1)
is a high impact risk.
The flaw was discovered by researchers at eEye Digital Security who brought it to the attention of Symantec.
A statement on Symantecs web site said "Symantec was notified that Symantec Client Security and Symantec AntiVirus Corporate Edition are susceptible to a potential stack overflow.
Exploiting this overflow successfully could potentially cause a system crash, or allow a remote or local attacker to execute arbitrary code with
System level rights on the affected system"
Symantec has taken the following steps to recitfy the situation:
• Symantec Security Response has released IPS signatures to detect attempts to exploit this issue.
• Symantec Network Security Appliance 7100 signatures, SU 46, are available via LiveUpdate.
• Symantec Gateway Security 3.0 signatures, SU 19, are available via LiveUpdate.
• Symantec Client Security 2.0 and 3.0 signatures, SU 22, are available for update via LiveUpdate.
• Symantec recommends customers immediately apply the latest Security Update to protect against potential related attacks.