Symantec's Antivirus Has A Critical Vulnerability

The company that released a temporary workaround for a critical Internet Explorer bug has some pretty bad news for Symantec, one of the largest producers of security solutions.

eEye Digital Security has posted a security advisory on its site about a serious bug in the Symantec Antivirus application which doesn't require any end user interaction for exploitation and can compromise affected systems, allowing for the execution of malicious code with SYSTEM level access.

The security company said that from the initial research, the bug has been found in Symantec Antivirus 10.x and Symantec Client Security 3.x, but that other products of the Cupertino-based company might be affected as well.

Marc Maiffret, chief hacking officer at eEye Digital Security, demonstrated an attack based on the vulnerability for The Associated Press and said that the Aliso Viejo, California-based company already has a product which protects vulnerable systems and operates alongside Symantec's anti-virus products.

At the end of last week, Symantec sued Microsoft for misappropriating its intellectual property and for breaching the contract. The lawsuit filed by the Cupertino-based security company seeks an injunction to stop Microsoft from selling Vista.