Symantec patches AntiVirus Corporate Edition flaw

Bill Brenner

Attackers could exploit a flaw in Symantec AntiVirus Corporate Edition and Client Security to overwrite kernel addresses, crash machines and run malicious code with elevated user privileges, the supplier has warned. A fix is available.

Vulnerability researcher Boon Seng Lim notified Symantec of the flaw, which resides in the SAVRT.SYS component of the program. An attacker could use the output buffer of the DeviceIoControl() function to overwrite kernel addresses because the address space of the output buffer was not properly validated, Symantec said, adding, "A successful exploit could potentially allow a local attacker to execute code of their choice with elevated privileges, or to crash the system."

Symantec said the flaw could be exploited under the following scenarios:

  • An attacker acquires local interactive access to a computer running the affected application.
  • The attacker creates an exploit that interacts with SAVRT.SYS in a manner that triggers this issue. The attacker executes the exploit application.
  • The application improperly validates the data. As a result, memory is overwritten with attacker-supplied data.
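The missing check Symantec describes, shown as an added example (not code from SAVRT.SYS or from Symantec): a user-space C model in which a 64-byte array stands in for the address space and offsets 32 and above stand in for kernel memory. The handler names, the memory layout and the probe function are assumptions made for illustration; in a real Windows driver a routine such as ProbeForWrite fills this role.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model: offsets below USER_LIMIT are user memory,
 * offsets from USER_LIMIT up to SPACE_SIZE stand in for kernel memory. */
#define SPACE_SIZE 64u
#define USER_LIMIT 32u
static uint8_t space[SPACE_SIZE];
enum { IOCTL_OK = 0, IOCTL_ACCESS_VIOLATION = -1 };

/* The whole range [addr, addr+len) must lie in user memory.
 * Written as a subtraction so that addr+len can never wrap around. */
static int probe_user_write(uint32_t addr, uint32_t len) {
    return addr < USER_LIMIT && len <= USER_LIMIT - addr;
}

/* Flawed handler (hypothetical): trusts the caller-supplied output address. */
int ioctl_unchecked(uint32_t out_addr, const uint8_t *result, uint32_t len) {
    if (out_addr >= SPACE_SIZE || len > SPACE_SIZE - out_addr)
        return IOCTL_ACCESS_VIOLATION; /* only keeps the model itself in bounds */
    memcpy(&space[out_addr], result, len);
    return IOCTL_OK;
}

/* Hardened handler (hypothetical): validates the output range before writing. */
int ioctl_checked(uint32_t out_addr, const uint8_t *result, uint32_t len) {
    if (!probe_user_write(out_addr, len))
        return IOCTL_ACCESS_VIOLATION;
    memcpy(&space[out_addr], result, len);
    return IOCTL_OK;
}

void reset_space(void) { memset(space, 0, sizeof space); }

/* Returns 1 if any byte of the simulated kernel region is no longer zero. */
int kernel_region_modified(void) {
    for (uint32_t i = USER_LIMIT; i < SPACE_SIZE; i++)
        if (space[i] != 0) return 1;
    return 0;
}

int main(void) {
    const uint8_t result[4] = {0x41, 0x41, 0x41, 0x41}; /* constructed output data */
    reset_space();
    int rc = ioctl_unchecked(40, result, 4);
    printf("unchecked: rc=%d kernel_modified=%d\n", rc, kernel_region_modified());
    reset_space();
    rc = ioctl_checked(40, result, 4);
    printf("checked:   rc=%d kernel_modified=%d\n", rc, kernel_region_modified());
    return 0;
}
```

The hardened handler also rejects a range that starts in user memory but runs past the boundary, and a length large enough to wrap the address arithmetic.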

The flaw affects Symantec AntiVirus Corporate Edition 8.1, 9.0.3 and earlier versions; and Symantec Client Security 1.1, 2.0.3 and earlier.

The antivirus giant said its engineers verified the problem and released updates to address the affected products.

"Symantec is not aware of any customers impacted by this issue, or of any attempts to exploit the issue," the company added.

As part of normal best practice, Symantec recommends that users keep all application software and operating systems up to date with the latest vendor-supplied patches.

