Symantec vulnerabilities

Posted by   Virus Bulletin on   Apr 20, 2004

eEye reports four new Symantec vulnerabilities

eEye Digital Security has reported that it has discovered four new vulnerabilities affecting Symantec products. Products affected are Norton Internet Security 2004, Norton Internet Security 2004 Professional and Norton Personal Firewall 2004.

eEye rates the severity of all four vulnerabilities as 'high' and describes three of them as 'remotely-exploitable vulnerabilit[ies] that allow anonymous attackers to compromise default installations of the affected software and gain absolute access to the host machine' and the fourth as 'a remotely-exploitable vulnerability that allows an anonymous attacker to execute a severe denial-of-service attack against systems running default installations of the affected software.' Another Symantec vulnerability is currently awaiting the release of a patch.

eEye employs a policy of releasing only minimal details of vulnerabilities until the manufacturer of the software concerned has released a patch. Nevertheless, March 2004 saw a buffer overflow vulnerability employed by a worm only 24 hours after its publication by eEye - see VB May 2004, p.9.

Posted on 20 April 2004 by Virus Bulletin

 Tags

twitter.png
fb.png
linkedin.png
hackernews.png
reddit.png

 

Latest posts:

VBSpam tests to be executed under the AMTSO framework

VB is excited to announce that, starting from the Q3 test, all VBSpam tests of email security products will be executed under the AMTSO framework.

In memoriam: Prof. Ross Anderson

We were very sorry to learn of the passing of Professor Ross Anderson a few days ago.

In memoriam: Dr Alan Solomon

We were very sorry to learn of the passing of industry pioneer Dr Alan Solomon earlier this week.

New paper: Nexus Android banking botnet – compromising C&C panels and dissecting mobile AppInjects

In a new paper, researchers Aditya K Sood and Rohit Bansal provide details of a security vulnerability in the Nexus Android botnet C&C panel that was exploited in order to gather threat intelligence, and present a model of mobile AppInjects.

New paper: Collector-stealer: a Russian origin credential and information extractor

In a new paper, F5 researchers Aditya K Sood and Rohit Chaturvedi present a 360 analysis of Collector-stealer, a Russian-origin credential and information extractor.

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.