Symantec's antivirus software vulnerable to worms - security firm

Update: 3:32 PM EST

Aliso Viejo (CA) - Symantec today confirmed a vulnerability in its Antivirus Corporate Edition 10.x software, which - a security firm claims - can provide malicious users with far-reaching remote system-level access to computers.

The vulnerability, first reported by Eeye Digital Security on Thursday, is described as "a remotely exploitable vulnerability [that] exists within the Symantec Antivirus program." According to the company, the flaw affects the Symantec products Antivirus 10.x and Symantec Client Security 3.x and "does not require any end user interaction for exploitation and can compromise affected systems, allowing for the execution of malicious code with system level access."

Symantec reacted early Friday with a brief statement, confirming that it has received a report about a "potential remotely exploitable vulnerability," but mentioned that it would only be affecting the "Antivirus Corporate Edition 10.x." The firm stated that "product teams are currently investigating this report" and "If necessary, we will provide updates for all currently supported products to resolve this issue."

Symantec confirmed the possibility of remote access Friday afternoon but said that a publicly available has not been detected so far. The firm apparently has also verified that "Norton products do not contain the code affected by this potential vulnerability." As a result, the firm believes that "none of the Norton products are affected by this issue."

In a conversation with TG Daily, Eeye vice president of marketing Mike Puterbaugh said that the security hole was discovered during a routine evaluation of "new attack methods" and then went though a "huge testing process" before Symantec was notified of the vulnerability. Puterbaugh said that Eeye posted the flaw on its own website in an effort to keep companies "honest" and to encourage them to fix the problem quickly.

Eeye considers the threat potential of the vulnerability as critical not only because an exploit could provide a malicious user "complete access to a machine," but also because of the enormous exposure of the antivirus software. According to Puterbaugh, Symantec Antivirus may be used in as much as 60% of all large U.S. corporations, which creates a huge target group for hackers as long as the vulnerability exists.

There is no common workaround to close the security hole at this time, but Eeye recommends corporations using the software to review the policies of software running on exposed systems "right now." Puterbaugh said that a lot of security products force companies to make tradeoffs in functionality when choosing higher security levels and it may be time to apply a stronger lock on systems. Also, he mentioned that Eeye's "Blink" product can protect "absolutely critical" machines in the current threat scenario. "It can be deployed fairly quickly: We can put it on 500 to 1000 machines within a day," he told TG Daily.

Related article:
Symantec's antivirus software vulnerable to worms - security firm