SearchSecurity reports:

Vulnerabilities have surfaced in anti-virus products from Symantec Corp. and McAfee Inc. Symantec reported flaws in its AntiVirus Library in a message to customers of its DeepSight Threat Management System Tuesday. The library “has been found prone to multiple heap overflow vulnerabilities when scanning malformed .rar [archive files],” the Cupertino, Calif.-based company said.

AntiVirus Library is a component of various Symantec products that detects malware by parsing a number of files in different formats. “The issues can be leveraged remotely to gain complete control over the affected system. Exploitation can occur without user interaction over protocols such as SMTP (Simple Mail Transfer Protocol).” Symantec said the flaw is of high urgency and affects AntiVirus Corporate Editon, Brightmail Anti-Spam; Client Security; Gateway Security; Norton AntiVirus; Norton Antivirus for Macintosh; Norton AntiVirus for Microsoft Exchange; and Norton Internet Security. There are no patches yet, but Symantec said users can blunt the threat by disabling the scanning of .rar-compressed files and not opening e-mail attachments from untrusted sources.

[Continue reading Flaws plague Symantec, McAfee]

[tags]security,mcafee,symantec,flaw,antivirus corporate editon,brightmail anti-spam,client security,gateway security,norton antivirus,norton antivirus for macintosh,norton antivirus for microsoft exchange,norton internet security,mcafee security center[/tags]