Security giant Symantec has quickly patched a “highly critical” flaw in its enterprise anti-virus software that could lead to the remote execution of malicious code.
In an updated advisory Saturday, the company released signatures, designed to detect exploit attempts, for its Symantec Anti-Virus Corporate Edition and Symantec Client Security.
Symantec said the vulnerability, which requires no user interaction to exploit, is caused by a stack overflow and can be exploited remotely.
"Exploiting this overflow could potentially cause a system crash, or allow a remote or local attacker to execute arbitrary code with system-level rights on the affected system," the advisory said.
But the company said it was not aware of any exploits or affected customers.
Vulnerability assessment firm eEye Digital Security discovered the bug about two weeks prior to reporting it to Symantec, said Mike Peterbaugh, eEye’s vice president of marketing. The company prefers to review flaws and determine their legitimacy "before we raise any alarms with the vendors in question," he said.
Peterbaugh – who said his company typically waits an average of 140 days for a fix after announcing a flaw – praised Symantec for its fast response in addressing the problem.
"Turning a patch around in 48 hours is pretty impressive," he said today. "We’ve worked with them in the past, and they’ve always been extremely efficient. Two days is quite a feat, and I think it’s a testament to Symantec and them wanting to do the right thing for their customers."
eEye released an advisory for the flaw on Wednesday. At the time, Symantec said it could not confirm the vulnerability's existence.
Peterbaugh said enterprises should not panic over the bug, which has received widespread media coverage.
"We’re not telling people to go running for the hills," he said. "We’re not tracking any exploits. My advice to our customers is to follow your normally scheduled patching cycle."
The bug does not impact any Norton products, Symantec said.