Symantec affected by security flaws

News Analysis

The latest in a plague of security flaws affecting vendors has now caught up with Symantec.


A buffer overflow flaw in the Symantec Antivirus Scan Engine could let remote attackers run code on vulnerable machines, Symantec suggested in a security advisory.


The problem affects various versions of the engine, which is the part of the security software that scans for threats. Symantec rated the problem as "high" in terms of its risk impact, and strongly recommended that its customers apply the available security patches to correct it.


The security hole lies in the web-based administrative interface of Symantec’s Antivirus Scan Engine, which is common to several of the company's antivirus products. An attacker could exploit it by sending a malformed request to the interface, according to security intelligence company iDefense.


Both Symantec and Kaspersky have been the subject of flaw reports issued by security researchers or intelligence specialists. But how is it that these security vendors always have to rely on someone else to find security holes, followed by the response that the threat is minimal and that a patch will be available soon? Why can these vendors not find their own security flaws before they release their products? Prevention is better than a cure.
