Robert McMillan, IDG News Service
Thu Oct 6, 8:00 PM ET
Users of Symantec’s AntiVirus Scan Engine are being advised to upgrade their software, due to a critical security bug in the product. The flaw could theoretically allow an attacker to take control of an affected system, according to Symantec.
Because of a bug in the Scan Engine’s administrative interface, an attacker could take over a system running the software by creating a specially crafted HTTP request, Symantec said in a security advisory. The attacker would need to gain access to an exposed administrative port on the server for this attack, the report said.
Users of versions 4.0 and 4.3 of the Scan Engine product are advised to upgrade to version 4.3.12, Symantec said in its advisory.
Symantec is the second security vendor to report a major security bug in its products this week. Kaspersky Labs also reported a similarly critical flaw in its Antivirus Library, which is used by a wide range of the company’s antivirus products.
The increasing number of reported vulnerabilities in security applications represents a challenge to software makers to ensure that the programs meant to protect computers don’t introduce new avenues for attack. A recent Yankee Group report found that, collectively, the number of reported flaws in security software is increasing more rapidly than for Windows.
