Symantec AntiVirus Scan Evasion Vulnerability

Symantec AntiVirus is prone to a vulnerability that may allow an attacker to bypass on-demand scans.

Successful exploits will allow attackers to bypass on-demand virus scanning, possibly allowing malicious files to escape detection.

Update (March 1, 2010): Attackers require local access to exploit this issue. Symantec AntiVirus 11.x is not affected by this issue.

Update (March 2, 2010): Symantec Endpoint Protection is not affected by this issue.

The following products are affected:

Symantec AntiVirus 10.0.x
Symantec AntiVirus 10.1.x
Symantec AntiVirus 10.2.x
Symantec Client Security 3.0.x
Symantec Client Security 3.1.x


Privacy Statement
Copyright 2010, SecurityFocus