Symantec Says Vulnerability Impacts 63 Products
The number of impacted products was among the largest ever for a single vulnerability, and demonstrated the risk of reusing code in a large group of programs.
The bug, which was made public Tuesday by researcher Alex Wheeler, is in how Symantec's AntiVirus Library, part of virtually all the Cupertino, Calif.-based security giant's programs, handles RAR compressed files. RAR files are created by the WinRAR compression utility, developed and sold by RarLab.
In an advisory released Wednesday, Symantec listed 48 enterprise titles and 15 consumer products that used the flawed Library. On the consumer side, the 2006 versions of Norton AntiVirus, Internet Security, SystemWorks, and Personal Firewall are open to attack. Corporate titles such as Norton AntiVirus for Microsoft Exchange, BrightMail Antispam, and AntiVirus for Handhelds are also on the list.
Only a few programs are not affected, including earlier editions of Symantec AntiVirus Corporate Edition and Symantec Client Security.
The only protection for the moment is a special detection capability that Symantec is downloading to users' systems.
Heuristic detection for potential exploits targeting this vulnerability is available from LiveUpdate," Symantec said in an alert published to its DeepSight Threat Management System customers. "This detection is available to all desktop, server, and gateway product versions of Symantec's security products and appliances that contain the vulnerability."
The company is working on patches for the affected products, but hasn't given a timeline for completing the fixes. In the meantime, it urged all users to run LiveUpdate to download the heuristic detection.
Symantec also downplayed the threat, stating in the advisory that "to date, Symantec has not had any reports of related exploits of this vulnerability."