Symantec AntiVirus vulnerability found

May 26, 2006

Vulnerability allegedly affecting at least two versions of Symantec AntiVirus software has been found. The vulnerability requires no interaction from the end-user, and has the potential to grant complete system level access to an attacker, according to eEye Digital Security, the organization that originally discovered the vulnerability.

According to eEye, the Symantec AntiVirus 10.x and Symantec Client Security 3.x product lines are both vulnerable, and other Symantec products may be vulnerable as well.

Symantec released a brief statement early today, in which they confirmed that they have received a report pertaining to a "potential remotely exploitable vulnerability," but that it affected only AntiVirus Corporate Edition 10.x. The company denies that any of its 'Norton' line of consumer-grade products are affected.