Tweet
Just something I thought some of you may be interested in.
Security Flaws Found in McAfee AntiVirus
Mon Mar 21, 1:23 PM ET
Technology - NewsFactor
Elizabeth Millard, www.cio-today.com
A vulnerability has been discovered in the McAfee AntiVirus library, which is used in many of the company's desktop, server and gateway products.
Reported by Atlanta-based security firm Internet Security Systems , the problem appears when a malformed file in the compressed LHA format is processed by the library. When such an event occurs, a stack overflow can be triggered, allowing an attacker to execute malicious code.
The McAfee product is used to parse different file formats to detect malware.
Other security software makers have had similar trouble lately as well. Compressed file processing in a library engine also produced flaws in Trend Micro's antivirus products.
Open Hole
Successful exploit of the McAfee vulnerability could lead to unauthorized access to networks and machines that are protected by the McAfee AntiVirus library product, according to ISS.
Implementations of McAfee AntiVirus library are likely vulnerable through common protocols like SMTP, HTTP and FTP, the security firm reported.
No authentication is required for an attacker to exploit the flaw, leading ISS to conclude that the library implementations are vulnerable in their default configurations.
Tempting Target
Antivirus programs are attractive to virus writers because they involve a large number of users and can guarantee a fairly high infection rate, especially if the program is popular, said Thomas Kristensen, security researcher at Secunia.
In early February, Secunia and several other firms reported on vulnerabilities in a number of Symantec's (Nasdaq: SYMC - news) products.
"It's appealing to attackers to find exploits in antivirus," Kristensen told CIO Today. "But we can take comfort in the fact that it's security firms finding these flaws first. Obviously, it would be pretty bad if malicious guys had gotten there before everyone else."
Future Threat
Despite the recent holes seen in McAfee and Symantec products, generally there have not been many vulnerabilities reported in antivirus software, said Kristensen.
However, it is possible that these types of programs will draw the attention of attackers in the future, especially as more users download antivirus protection.
"Antivirus software is usually very complex, so although it would be nice if the programs were flawless, it's natural for errors to occur," he noted. "Sadly, it's just bound to happen."
Mon Mar 21, 1:23 PM ET
Technology - NewsFactor
Elizabeth Millard, www.cio-today.com
A vulnerability has been discovered in the McAfee AntiVirus library, which is used in many of the company's desktop, server and gateway products.
Reported by Atlanta-based security firm Internet Security Systems , the problem appears when a malformed file in the compressed LHA format is processed by the library. When such an event occurs, a stack overflow can be triggered, allowing an attacker to execute malicious code.
The McAfee product is used to parse different file formats to detect malware.
Other security software makers have had similar trouble lately as well. Compressed file processing in a library engine also produced flaws in Trend Micro's antivirus products.
Open Hole
Successful exploit of the McAfee vulnerability could lead to unauthorized access to networks and machines that are protected by the McAfee AntiVirus library product, according to ISS.
Implementations of McAfee AntiVirus library are likely vulnerable through common protocols like SMTP, HTTP and FTP, the security firm reported.
No authentication is required for an attacker to exploit the flaw, leading ISS to conclude that the library implementations are vulnerable in their default configurations.
Tempting Target
Antivirus programs are attractive to virus writers because they involve a large number of users and can guarantee a fairly high infection rate, especially if the program is popular, said Thomas Kristensen, security researcher at Secunia.
In early February, Secunia and several other firms reported on vulnerabilities in a number of Symantec's (Nasdaq: SYMC - news) products.
"It's appealing to attackers to find exploits in antivirus," Kristensen told CIO Today. "But we can take comfort in the fact that it's security firms finding these flaws first. Obviously, it would be pretty bad if malicious guys had gotten there before everyone else."
Future Threat
Despite the recent holes seen in McAfee and Symantec products, generally there have not been many vulnerabilities reported in antivirus software, said Kristensen.
However, it is possible that these types of programs will draw the attention of attackers in the future, especially as more users download antivirus protection.
"Antivirus software is usually very complex, so although it would be nice if the programs were flawless, it's natural for errors to occur," he noted. "Sadly, it's just bound to happen."