- Symantec Client Security
- Symantec Endpoint Protection
- Symantec AntiVirus Corporate Edition
- Norton Internet Security
- Norton 360
- Norton AntiVirus
- Norton Systemworks
Patch availability :
~~~~~~~~~~~~~~~~~~~~
Patches distributed through automatic updates
Overview
Some versions of Symantec’s device driver SYMTDI.SYS contain a vulnerability which, if successfully exploited, could allow a local attacker to cause the system to crash.
Affected Products
Norton AntiSpam 2005
Norton AntiVirus 2005, 2006
Norton Internet Security 2005
Norton Personal Firewall 2005, 2006
Norton System Works 2005, 2006
Symantec AntiVirus Corporate Edition 10.0
Symantec AntiVirus Corporate Edition 10.1, prior to SAV 10.1 MR6 MP1
Symantec Antivirus Intel Alert Handler Service Denial of Service
TSL ID: FSC20101213-06
1. Affected Software
Symantec Antivirus Corporate Edition 10.1.8.8000 and possibly prior
Symantec System Center 10.1.8.8000 and possibly prior
Reference: http://www.symantec.com/business/antivirus-corporate-edition
I. BACKGROUND
Symantec System Center is an MMC (Microsoft Management Console) snap-in
that allows an administrator to remotely manage Symantec products. The
Symantec System Center comes bundled with several Symantec products,
including Symantec Client Security and Symantec AntiVirus. It contains
an optional component called the Alert Management System Console. This
component starts a service (Intel File Transfer) that listens on TCP
port 12174.
II. DESCRIPTION
NOD32 takes several minutes of kerneltime to scan the multikill mails. ESET
did not comment on this issue and was informed on 01.08.08.
Kaspersky Internet Security Suite takes several minutes to scan the
multikill mail. Kaspersky was informed on 29.07.08, confirmed the issue and
promised to fix the problem.
Norton Antivirus takes several minutes to scan the multikill mails. Norton
was informed on informed 01.08.08 and answered promptly and politely.
Norton promised not to fix the problem, since it would not qualify as a
Denial of Service vulnerability.
TSL ID: FSC20100727-01
1. Affected Software
Symantec Antivirus Corporate Edition 10.1.8.8000 and possibly prior
Symantec System Center 10.1.8.8000 and possibly prior
Reference: http://www.symantec.com/business/antivirus-corporate-edition
2. Vulnerability Summary
brlc> NOD32 takes several minutes of kerneltime to scan the multikill mails. ESET
brlc> did not comment on this issue and was informed on 01.08.08.
brlc> Kaspersky Internet Security Suite takes several minutes to scan the
brlc> multikill mail. Kaspersky was informed on 29.07.08, confirmed the issue and
brlc> promised to fix the problem.
brlc> Norton Antivirus takes several minutes to scan the multikill mails. Norton
brlc> was informed on informed 01.08.08 and answered promptly and politely.
brlc> Norton promised not to fix the problem, since it would not qualify as a
brlc> Denial of Service vulnerability.
Digital Security Research Group [DSecRG] Advisory #DSECRG-09-039
Application: Symantec Antivirus Client Proxy
Versions Affected: Version 10
Vendor URL: http://symantec.com
Bugs: Buffer Overflow
Exploits: POC
Reported: 04.05.2009
Vendor response: 07.05.2009
Date of Public Advisory: 17.02.2010
