Much of the product line from security firm Symantec contains a raft of vulnerabilities that expose millions of consumers, small businesses, and large organizations to self-replicating attacks that take complete control of their computers, a researcher warned.
"These vulnerabilities are as bad as it gets," Tavis Ormandy, a researcher with Google's Project Zero, wrote in a blog post. "They don’t require any user interaction, they affect the default configuration, and the software runs at the highest privilege levels possible. In certain cases on Windows, vulnerable code is even loaded into the kernel, resulting in remote kernel memory corruption."
Whoever thought loading an anti-virus engine into the Windows kernel was a good idea should finally have proof that they were completely and utterly wrong.
That proof has arrived from Tavis Ormandy of Google's Project Zero team, who discovered the Symantec Antivirus Engine was vulnerable to a buffer overflow when parsing malformed portable-executable (PE) header files. "Such malformed PE files can be received through incoming email, downloading of a document or application, or by visiting a malicious web site," Symantec said in its advisory. "No user interaction is required to trigger the parsing of the malformed file."