• United States



by Paul Kerstein

Symantec AntiVirus Scan Engine Has Serious Bug

Oct 07, 20051 min
CSO and CISOData and Information Security

Users of the Symantec Corp.’s AntiVirus Scan Engine are being advisedto upgrade their software, thanks to a critical security bug in theproduct. The flaw could theoretically allow an attacker to take controlof an affected system, according to Symantec

Because of a bug in the Scan Engine’s administrative interface, it ispossible for an attacker to take over a system running the software bycreating a specially crafted HTTP (Hypertext Transfer Protocol)request, Symantec said in a security advisory. The attacker would needto gain access to an exposed administrative port on the server for thisattack, the report said.

Users of versions 4.0 and 4.3 of the Scan Engine product are advised to upgrade to version 4.3.12, Symantec said.

Symantec is the second security vendor to report a major security bugin its products this week. Kaspersky Labs Ltd. also reported asimilarly critical flaw in its Antivirus Library, which is used by awide range of the company’s antivirus products.

Symantec’s advisory can be found here:

By Robert McMillan – IDG News Service (San Francisco Bureau)