TITLE: Symantec Client Security / AntiVirus Unspecified Code Execution SECUNIA ADVISORY ID: SA20318
VERIFY ADVISORY: http://secunia.com/advisories/20318/ CRITICAL: Highly critical IMPACT: System access WHERE: >From remote SOFTWARE: Symantec Client Security 3.x http://secunia.com/product/6649/ Symantec AntiVirus Corporate Edition 10.x http://secunia.com/product/5555/ DESCRIPTION: eEye Digital Security has reported a vulnerability in Symantec Client Security and Symantec AntiVirus Corporate Edition, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an unspecified boundary error and can be exploited to cause a stack-based buffer overflow. Successful exploitation allows execution of arbitrary code with SYSTEM privileges. SOLUTION: Apply patches (see patch matrix in vendor advisory). ORIGINAL ADVISORY: Symantec: http://securityresponse.symantec.com/avcenter/security/Content/2006.05.25.html eEye Digital Security: http://www.eeye.com/html/research/upcoming/20060524.html ============= PCWorks Mailing List ================= Don't see your post? Check our posting guidelines & make sure you've followed proper posting procedures, http://pcworkers.com/rules.htm Contact list owner <[EMAIL PROTECTED]> Unsubscribing and other changes: http://pcworkers.com =====================================================
