Symantec patches AntiVirus Corporate Edition flaw

News

Symantec patches AntiVirus Corporate Edition flaw

Bill Brenner

Attackers could exploit a flaw in Symantec AntiVirus Corporate Edition and Client Security to overwrite kernel addresses, crash machines and run malicious code with elevated user privileges, the supplier has warned. A fix is available.

Vulnerability researcher Boon Seng Lim notified Symantec of the flaw, which resides in the SAVRT.SYS component of the program. An attacker could use the output buffer of the DeviceIOControl() function to overwrite kernel addresses because the address space of the output buffer was not properly validated, Symantec said, adding, "A successful exploit could potentially allow a local attacker to execute code of their choice with elevated privileges, or to crash the system."

Symantec said the flaw could be exploited under the following scenarios:

  • An attacker acquires local interactive access to a computer running the affected application.
  • The attacker creates an exploit that interacts with SAVRT.SYS in a manner that triggers this issue. The attacker executes the exploit application.
  • The application improperly validates the data. As a result, memory is overwritten with attacker-supplied data.

The flaw affects Symantec AntiVirus Corporate Edition 8.1, 9.0.3 and earlier versions; and Symantec Client Security 1.1, 2.0.3 and earlier.

The antivirus giant said its engineers verified the problem and released updates to address the affected products.

"Symantec is not aware of any customers impacted by this issue, or of any attempts to exploit the issue," the company added.

As a part of normal best practices, Symantec recommends that users keep all application software and operating systems up-to-date with the latest vendor supplied patches.


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy