Vulnerability found in Symantec Antivirus that could allow RCE with no user interaction

Attacker sends email.  Email lands in  your inbox or webmail.  You don’t open or even view the email.  Attacker pwns your box.  That’s the story according to Bank Info Security.  Read on.

According to this article from BankInfoSecurity, Google Project Zero researcher Travis Ormandy has found a bug in the Symantec / Norton Antivirus that could allow an attacker to send an email to a computer protected by a Symantec or Norton antivirus product and get remote code execution (RCE). Additional details are available on the linked article (and the articles linked from it). Symantec confirms that the vulnerability has been patched via the Live Update service but, if you’re still using the ’90 day free trial’ that came with the computer six months ago, you may have a problem

http://www.bankinfosecurity.com/researcher-hacks-symantecs-av-via-email-a-9109

Leave a Reply