Patch/Configuration Management, Vulnerability Management

Symantec investigating vulnerability reports


Symantec is investigating the report of a vulnerability in its AntiVirus Corporate Edition 10, the security giant said Thursday.

Vulnerability assessment firm eEye Digital Security issued an advisory Wednesday detailing a remotely executable flaw within Symantec anti-virus software. eEye said the vulnerability – which does not have to be initiated by an end user – could compromise affected systems, allowing for the execution of malicious code and heightened privileges.

eEye said the vulnerability also affects Symantec Client Security 3, possibly in addition to other products.

Symantec, however, said in an advisory that it could not verify the bug and that no in-the-wild exploit code was available.

"Norton products do not contain the code affected by this potential vulnerability, and none of the Norton products are affected by this issue," the company’s advisory said. "Symantec product teams are currently investigating this report. If necessary, we will provide updates for all currently supported products to resolve this issue."

The company said it is not aware of any impacted customers.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.