A flaw in the Symantec's desktop antivirus for corporations could allow an attacker to compromise a victim's system without relying on any user interaction, security firm eEye Digital Security said in an advisory posted this week.
The security firm published an upcoming advisory on the vulnerability on Thursday, a day after notifying Symantec of the flaw. The flaw affects Symantec Antivirus 10.x and Symantec Client Security 3.x, according to the eEye's tests. Symantec, which confirmed the vulnerability on Friday, stressed that it does not affect any of its consumer desktop security products. (SecurityFocus is owned by Symantec.)
"Symantec verified that the issue does not affect its Norton consumer brand of products and has released signatures to protect its corporate customers running current affected versions of Symantec Client Security, Symantec Network Security and Symantec Gateway Security," the company said in a statement sent to SecurityFocus.
Ever since Internet Security System found a series of flaws in almost every major antivirus program, the security software has been a favorite stomping ground of vulnerability researchers. Both Symantec and eEye Digital Security have stated that the companies do not believe the flaw is currently being exploited by attackers.
Symantec posted fixes for the flaw over the weekend.
UPDATE: The news brief was updated at 7:40 a.m. PST with a link to Symantec's advisory, which includes patches for fixing the vulnerability.
Posted by: Robert Lemos