British white hat hacker and Google Project Zero chap Tavis Ormandy is making life miserable for Symantec again: the bug-hunter has turned up an exploitable overflow in “the core Symantec Antivirus Engine used in most Symantec and Norton branded Antivirus products”. Described here, the problem is in how the antivirus products handle executables compressed using an early version of the Aspack compression tool. If the engine encounters truncated section data – “when SizeOfRawData is greater than SizeOfImage” – the buffer overflow occurs. Ormandy writes: “Because Symantec use a filter driver to intercept all system I/O, just emailing a file to a victim or sending them a link is enough to exploit it.”
View full story
ORIGINAL SOURCE: The Register
