Vulnerability found in Symantec Antivirus allowing full control over the system

Security researchers from Google's Project Zero (a team Google created to find previously unknown vulnerabilities before attackers can exploit them) have published details of a critical vulnerability (CVE-2016-2208) in Symantec antivirus software. When the engine scans specially crafted files in the PE format, a buffer overflow can be triggered and used to execute code on the system.

While parsing executable files packed with an early version of ASPack, a buffer overflow can occur in the Symantec Antivirus Engine, the scanning module used in most antivirus products sold under the Symantec and Norton brands. The condition arises when a section's data is truncated, i.e. when the SizeOfRawData value exceeds the SizeOfImage value.
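A defensive pre-scan check for the malformed-header condition described above, added here as an example and not code from the article or from Symantec: it walks the PE headers and flags any section whose SizeOfRawData exceeds SizeOfImage (both field names come from the PE format). The function names and the in-memory sample image are assumptions constructed for the demonstration.

```python
import struct

PE32_MAGIC = 0x10B
PE32PLUS_MAGIC = 0x20B


def find_truncated_sections(data: bytes) -> list:
    """Return (name, SizeOfRawData, SizeOfImage) for each section whose
    SizeOfRawData exceeds SizeOfImage, the inconsistency the article ties
    to the ASPack parsing bug. Raises ValueError on non-PE input."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file: missing PE signature")
    coff = e_lfanew + 4                      # COFF file header (20 bytes)
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    size_opt = struct.unpack_from("<H", data, coff + 16)[0]
    opt = coff + 20                          # optional header
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic not in (PE32_MAGIC, PE32PLUS_MAGIC):
        raise ValueError("unknown optional header magic 0x%x" % magic)
    # SizeOfImage sits at offset 56 of the optional header in PE32 and PE32+
    size_of_image = struct.unpack_from("<I", data, opt + 56)[0]
    sections = opt + size_opt                # section table, 40 bytes each
    bad = []
    for i in range(num_sections):
        hdr = sections + i * 40
        name = data[hdr:hdr + 8].rstrip(b"\0").decode("ascii", "replace")
        size_raw = struct.unpack_from("<I", data, hdr + 16)[0]
        if size_raw > size_of_image:
            bad.append((name, size_raw, size_of_image))
    return bad


def build_sample_pe(size_of_image: int, size_of_raw_data: int) -> bytes:
    """Constructed sample (not a real binary): a minimal PE32 skeleton with
    one section header, just enough for the check above to parse."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew -> PE signature
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, PE32_MAGIC)
    struct.pack_into("<I", opt, 56, size_of_image)
    sec = struct.pack("<8sIIIIIIHHI", b".text", 0x1000, 0x1000,
                      size_of_raw_data, 0x200, 0, 0, 0, 0, 0x60000020)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + sec
```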

Now for the most interesting part. Because Symantec software uses a filter driver to intercept all I/O operations on the system, an exploit can be delivered to the victim machine in almost any way, for example as an email message or as a link to a file.

On Linux, macOS and other UNIX platforms this yields a remotely triggerable heap overflow in Symantec or Norton processes that run as root. On Windows the result is kernel memory corruption, because there the scanning engine is loaded into the kernel, which may allow code execution with kernel privileges at ring 0.

Symantec and Norton products are also notable because they are frequently bundled with new PCs and laptops. This, of course, has contributed to their prevalence, especially among Western users.

The vendor quickly published an update that fixes the vulnerability, so it is important to install it, including on Unix servers (the installation requires a server reboot).


Do you use Symantec antivirus products?

• Yes: 17.7% (73 votes)
• No: 82.2% (338 votes)

If so, how did they get to you?

• Came bundled with a PC or laptop: 30.9% (30 votes)
• Purchased independently: 16.4% (16 votes)
• Purchased by the company where I work: 52.5% (51 votes)
