Posted by Virus Bulletin on Apr 20, 2004
eEye reports four new Symantec vulnerabilities
eEye Digital Security has reported that it has discovered four new vulnerabilities affecting Symantec products. Products affected are Norton Internet Security 2004, Norton Internet Security 2004 Professional and Norton Personal Firewall 2004.
eEye rates the severity of all four vulnerabilities as 'high' and describes three of them as 'remotely-exploitable vulnerabilit[ies] that allow anonymous attackers to compromise default installations of the affected software and gain absolute access to the host machine' and the fourth as 'a remotely-exploitable vulnerability that allows an anonymous attacker to execute a severe denial-of-service attack against systems running default installations of the affected software.' Another Symantec vulnerability is currently awaiting the release of a patch.
eEye employs a policy of releasing only minimal details of vulnerabilities until the manufacturer of the software concerned has released a patch. Nevertheless, March 2004 saw a buffer overflow vulnerability employed by a worm only 24 hours after its publication by eEye - see VB May 2004, p.9.
Posted on 20 April 2004 by Virus Bulletin
