[Discuss] [OT] Google Found Disastrous Symantec and Norton Vulnerabilities That Are 'As Bad As It Gets'

MBR mbr at arlsoft.com
Wed Jun 29 14:36:15 EDT 2016 

Does anyone have a technical description of how exactly this 
vulnerability operates? A magazine like Fortune won't provide that 
information because 99% of their readers couldn't understand it.  The 
nearest they come is the sentence:

    "The vulnerabilities affect a “decomposer engine”—a program that
    unpacks compressed files in order to help scan for potentially
    malicious ones—that’s used across Symantec’s products."

This sounds like it uncompresses .gz files and extracts the contents of 
.tar.gz and .zip files.  But I can't imagine how that could result in 
transferring execution control to code inside those files.

    Mark Rosenthal
    mbr at arlsoft.com <mailto:mbr at arlsoft.com>



On 6/29/16 1:26 PM, Stephen Ronan wrote:
>
> From: Lauren Weinstein <lauren at vortex.com>
> Subject: [ NNSquad ] Google Found Disastrous Symantec and Norton 
> Vulnerabilities That Are 'As Bad As It Gets'
> Date: June 29, 2016 at 11:27:40 AM EDT
> To: nnsquad at nnsquad.org
>
>
> Google Found Disastrous Symantec and Norton Vulnerabilities That Are 
> 'As Bad As It Gets'
>
> http://fortune.com/2016/06/29/symantec-norton-vulnerability/
>
>      Google's "project zero" team, a group of security analysts
>     tasked with hunting for computer bugs, discovered a heap of
>     critical vulnerabilities in Symantec and Norton security
>     products.  The flaws allow hackers to completely compromise
>     people's machines simply by sending them malicious
>     self-replicating code through unopened emails or un-clicked
>     links.  The vulnerabilities affect millions of people who run
>     the company's endpoint security and antivirus software, rather
>     ironically to protect their devices.  Indeed, the flaws
>     rendered all 17 enterprise products (Symantec brand) and eight
>     consumer and small business products (Norton brand) open to
>     attack.
>
> - - -
>
> --Lauren--
> _______________________________________________
> Discuss mailing list
> Discuss at blu.org
> http://lists.blu.org/mailman/listinfo/discuss
>

More information about the Discuss mailing list