Symantec, McAfee security flaws
p2p news / p2pnet: Both Symantec Corp and McAfee Inc security applications are insecure, say the companies.
“Symantec reported flaws in its AntiVirus,” says SearchSecurity.com. The library, “has been found prone to multiple heap overflow vulnerabilities when scanning malformed .rar [archive files],” it has the company saying, going on:
“The issues can be leveraged remotely to gain complete control over the affected system. Exploitation can occur without user interaction over protocols such as SMTP (Simple Mail Transfer Protocol).” Symantec said the flaw is of high urgency and affects AntiVirus Corporate Editon, Brightmail Anti-Spam; Client Security; Gateway Security; Norton AntiVirus; Norton Antivirus for Macintosh; Norton AntiVirus for Microsoft Exchange; and Norton Internet Security.”
The McAfee holes are revealed by iDefense which says hackers could exploit an access control vulnerability in McAfee Security Center which would allow them to, “create or overwrite arbitrary files. The vulnerability specifically exists due to a registered ActiveX control failing to restrict which domains may load the control for execution.
“MCINSCTL.DLL as included with McAfee Security Center exports an object for logging called MCINSTALL.McLog. The McLog object is designed to allow Security Center to log to a file through the StartLog and AddLog methods. McAfee fails to restrict the ActiveX control from being loaded in arbitrary domains. As such, attackers can create a specially crafted web page utilizing the McLog object to create arbitrary files. This attack can lead to arbitrary code execution by a remote attacker.”
SearchSecurity.com says Symantec hasn’t yet plugged the hole but, “users can blunt the threat by disabling the scanning of .rar-compressed files and not opening e-mail attachments from untrusted sources”.
The McAfee problem, “hints at a new class of vulnerabilities that occur due to developers not using the IObjectSafetySiteLock() API to restrict domains that can load a particular ActiveX control,” says iDefense. “Vendors who distributed third-party ActiveX controls should be sure to use the IObjectSafetySiteLock() API in their applications.”
IDefense says, “McAfee previously released updates to SecurityCenter that resolve this issue. All active McAfee SecurityCenter users, by default, should have automatically received the update, and will now have the fix for this vulnerability already installed on their computers.”
Also See:
SearchSecurity.com – Flaws plague Symantec, McAfee, December 21, 2005
iDefense – McAfee Security Center MCINSCTL.DLL ActiveX Control File Overwrite Vulnerability XML RSS, December 20, 2005
