Security News > 2016 > May > Bug in Symantec’s anti-virus engine can lead to system compromise (Help Net Security)

Bug in Symantec’s anti-virus engine can lead to system compromise (Help Net Security)
2016-05-17 15:48

Google Project Zero researcher Tavis Ormandy has unearthed a critical remote code execution vulnerability in the anti-virus engine powering Symantec’s endpoint security products (including Norton-branded ones). The flaw (CVE-2016-2208) has been responsibly disclosed to the company, and it released a new version of its Anti-Virus Engine (v20151.1.1.4) with the fix incorporated. It will delivered to customers via LiveUpdate along with the usual definition and signature updates, Symantec reassured. In the security advisory accompanying the security … More →


News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/9usdsmpEb40/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2016-05-19 CVE-2016-2208 Resource Management Errors vulnerability in Symantec Anti-Virus Engine 20151.1.0.32
The kernel component in Symantec Anti-Virus Engine (AVE) 20151.1 before 20151.1.1.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory access violation and system crash) via a malformed PE header file.
network
low complexity
symantec CWE-399
critical
9.1