Hi malware fighters,
A big flaw has been discovered in Symantic AV Software:
http://eeye.com/html/research/upcoming/20060524.html
Finding exploitable leaks inside security software is bad as it is, but finding up problems of a general nature like stack-based buffer overflows means that there are systematic problems. Secure coding is expensive to small developers, but a multi million company like Symantec could afford to do so".
If the vulnerability is exploitable by a worm, this could mean there would be a gigantic spread, because Symantic runs on many a machine, but it was stated that Norton Internet Security 2006 as used by many consumers is not vulnerable.
But recently also a flaw with the scanning engine was patched:Symantec Scan Engine Web Interface Unauthorized Access Vulnerability: By exploiting a proprietary XML command language, a remote unauthorized attacker could access the Scan Engine’s administrative interface, allowing them to do anything a local user could do. Symantec has released an update, available here:
http://securityresponse.symantec.com/avcenter/security/Content/2006.04.21.html
polonus