Symantec has released security updates for AntiVirus Corporate Edition and Backup Exec, fixing flaws attackers could exploit to gain elevated user privileges, cause a denial of service or possibly launch malicious code.

The antivirus giant said in its SYM07-017 advisory that the first flaw is in the Real-Time scanner (RTVScan) component of Symantec AntiVirus Corporate Edition, which provides notification and logging services for the product.

"One function of RTVScan is to display a notification window with information about a threat found on the system if the program is configured to use that option," Symantec said. "[Researcher] Ali Rahbar notified Symantec that an unprivileged user could potentially attack this window with specially crafted code and gain system-level privileges on their local system. The user could then run code of their choice on their local system."

The good news, Symantec said, is that the attack potential is limited to local users and that the elevation of privilege is limited to the user's own system.

The advisory outlines fixes Symantec has made available for supported versions of the application. The vendor also suggested disabling the "notification message" window as a workaround.

Meanwhile, Backup Exec for Windows Servers is vulnerable to a denial-of-service condition when specifically formatted calls are made to a registered RPC interface, according to Symantec's SYM07-015 advisory.

"The DoS occurs due to improper validation and subsequent handling of user input," Symantec said in its advisory. "Successful exploitation requires access to the service port, which in a normal installation would require the attacker to have authorized but non-privileged access to the network on which the targeted server resides to leverage network communications."

Symantec said a successful attack would normally result in termination of the targeted service, but that "there is a slight potential that a sufficiently designed and implemented attack could possibly result in arbitrary code execution on and elevated access to the targeted system."

The vendor said its engineers have addressed the issue in all currently supported versions of the product.