Symantec Products Are Experiencing Security Problems

The chain of Symantec software programs is very long and includes the well-known Symantec Antivirus, Symantec Backup Exec, Symantec Log Viewer and many others. Out of this variety of Symantec software products, several specific products were selected by wicked users to perform malign actions related to sensitive and often unprotected computer systems.

First, let me ask you a question: Are you using Symantec programs such as Symantec Mail Security, Symantec BrightMail Appliance and Symantec Data Loss Prevention Enforce/Detection Servers? If your answer is yes, you should direct your attention to this really important security news pertaining to these particular Symantec programs. The point is that a serious vulnerability exists in the programs mentioned above. Speaking of Symantec, if you can remember, a vulnerability was found in the Symantec Reporting Server more than two months ago as well.

In the table below, you will find Symantec products and versions that were confirmed to be affected:

 Table 1.  Affected products and versions

It is important for users to note that in certain vulnerable Symantec products, the Autonomy KeyView module processes have been set apart from the Symantec application processes and are performed with limited rights. Now, are you interested in what attackers obtain by exploiting this vulnerability? Attackers could exploit this weakness in order to compromise an accessible system and fulfill the execution of arbitrary code. Symantec software programs are compatible with Windows version such as 2000/XP/Vista. Some of the files related to, for example, Windows 2000 include: n3bridge.sys, 3cisati.sys, dfs.sys, winacpci.sys and nwgina.dll

Are you prepared to find out more about this vulnerability? What exactly is the cause of this weakness? This vulnerability is produced by an integer overflow error in the Autonomy KeyView Viewer for Excel (xlssr.dll) while dealing with XLS documents. They contain a false Shared String Table (SST) record, which could be exploited by malicious users with an evil purpose to crash an insecure application or execute arbitrary code. This can be accomplished if a user is convinced to view an infectious Excel file.

Lastly, I will tell you some good news. Despite the fact that you might be a current user of one affected Symantec program, you must be curious about a solution to this big security problem, including current users of all other vulnerable Symantec applications. Users are strongly recommended to look through the vendor advisory for a patch matrix. Luckily, updates are already available. So, you can fix this vulnerability by applying the appropriate updates to whichever affected product and use the particular program in a safer environment.