14 DAY TRIAL // Symantec is often described as one of the best security companies on the Internet but sometimes you wouldn't say that because most of its products are the subjects of the security advisories. Today, numerous Symantec solutions proved us that a single security hole can affect the entire computer because a successful exploitation of the flaw can lead to higher privileges for the attacker. Symantec Norton Antivirus, Symantec Norton Internet Security, Symantec Norton Personal Firewall and Symantec Mail Security in most of their versions are included in the security alerts.
According to Symantec, there is a problem with the way these products handle RAR and CAB files, allowing the attackers to compromise an affected system using a simple Denial Of Service attempt.
"The first vulnerability is related to the decomposition of RAR files. Modifying the RAR file header in a specific way, causes the decomposer to enter an infinite loop causing a Denial of Service," Symantec said in the advisory.
"The second vulnerability is related to the decomposition of CAB files. The Symantec Decomposer fails to perform proper bounds checks when copying from the CAB archive. This may result in the possibility of arbitary code execution on the vulnerable system."
As usual, you're encouraged to install the latest version of the vulnerable applications as well as updating the virus database to the latest definitions. But this time, it is somehow different because the applications that were supposed to defend our computers are vulnerable as well so there is no security ensured. However, you can remain up-to-date with the latest virus definitions using the LiveUpdate function included in most of the Symantec products.
"Symantec engineers have verified and corrected these issues in all currently supported products. Updates are available for supported products. Symantec recommends customers apply the latest product update available for their supported product versions to enhance their security posture and protect against potential security threats of this nature."