Serious Flaw Hits Symantec AntiVirus

Security research firm eEye warned Thursday that a high-risk vulnerability exists within Symantec's Norton AntiVirus 10.x that could allow for code execution. According to an advisory posted on eEye's Web site, the flaw does not require any user interaction to be exploited.

Especially troubling is the fact that that after the vulnerability is exploited, a hacker gains access to a command shell. This means that the attacker would be able to perform just about any action, and opens up the possibility of a worm automatically infecting systems.

The problem potentially affects millions of Symantec users, according to researchers. Over 200 million systems use Symantec's antivirus software.

Symantec is currently investigating eEye's claims but had nothing further to add at press time. It noted, however, that the company was prepared to offer a quick response and fix if necessary.

While proof-of-concept code is not publicly available at this time, it could be only a matter of time before hackers figure out ways to exploit the vulnerability. It is also possible they are doing so already, and security researchers aren't yet aware of it.

The Cupertino, Calif., based security software maker has been criticized for such issues and other missteps over the years. Recently, several problems have surfaced, including flaws in the company's Scan Engine product, as well as a critical flaw in the way it scans RAR files.

Additionally, Symantec has been caught using a rootkit-like feature in its products, and has suffered financial setbacks from a $1 billion tax bill owed by Veritas, which was bought by Symantec in 2004.

103 Responses to Serious Flaw Hits Symantec AntiVirus

Why Trust Us



At BetaNews.com, we don't just report the news: We live it. Our team of tech-savvy writers is dedicated to bringing you breaking news, in-depth analysis, and trustworthy reviews across the digital landscape.

BetaNews, your source for breaking tech news, reviews, and in-depth reporting since 1998.

© 1998-2025 BetaNews, Inc. All Rights Reserved. About Us - Privacy Policy - Cookie Policy - Sitemap.