isssource.com

Symantec Fixes Antivirus Vulnerability

Wednesday, May 18, 2016 @ 01:05 PM gHale

Symantec updated its Antivirus Engine (AVE) to address a critical memory corruption vulnerability.

The flaw (CVE-2016-2208) results from how the Symantec AVE parses executable files packed by the ASPack executable file compressor.

Symantec and Norton products suffer from the issue, including Symantec Endpoint Antivirus, Norton Antivirus, Symantec Email Security and Symantec Scan Engine.

The vulnerability can be exploited remotely for code execution by sending a specially crafted file to the victim, either via email or by sending them a link pointing to the file. Google Project Zero researcher Tavis Ormandy, who discovered the flaw, developed a proof-of-concept (PoC) exploit, which he released after Symantec patched the issue.

“On Linux, Mac and other UNIX platforms, this results in a remote heap overflow as root in the Symantec or Norton process. On Windows, this results in kernel memory corruption, as the scan engine is loaded into the kernel (wtf!!!), making this a remote ring0 memory corruption vulnerability – this is about as bad as it can possibly get,” Ormandy said in a blog post.

Symantec said the code executed at kernel level with root privileges causes a memory access violation, which in most cases results in an immediate system crash.

No interaction is required to trigger the exploit. In fact, when Ormandy sent his PoC to Symantec, the security firm’s mail server crashed after its product unpacked the file.

Ormandy reported this and other critical remote code execution vulnerabilities to Symantec in late April.


