Web www.software-risk.co.uk

Do you have anti-virus software? Of course you do. Without it you would be defenceless!

But what if the bad guys, use a vulnerability in the anti-virus software itself to attack you?

This week two vendors, Symantec and F-Secure, have seen their products open to attack because of vulnerabilities.

The vulnerability was unearthed at ISS has its origins in processing of ARJ archive files by an anti-virus library. Potential attacks would take the form of buffer overflow attacks. Versions of F-Secure products include the desktop, server (Linux and Windows) and gateway.

A virus writer would be able to execute code when the ARJ file is scanned.

F-Secure have issued a number of security patches to users, and are urging for them to be applied.

Related Articles
Continental and McAfee
Barclays Strengthens Online Security
Patches Applied Faster by IT
Web Vulnerability Scanner
ISS Adds Section 404 2006 p
Citigroup Faces Wrath Over Asset Swap
Messaging - Quarantine
Symantec and Veritas Complete Merger

Similar Areas

Software Development Items

Windows Items

Linux Items

Security Items

Selected Books

Keywords

F-Secure

anti-virus

vulnerability

Symantec

ISS

ARJ files