OK folks, on a scale of one to really really bad. This is on the top end of the scale apparently. There is an advisory on eeye.com. There is chatter about this on SANS, C|Net, an article on Dark Reading and CNN (of all people) has it on their website.
Symantec Corp.’s leading antivirus software, which protects some of the world’s largest corporations and U.S. government agencies, suffers from a flaw that lets hackers seize control of computers to steal sensitive data, delete files or implant malicious programs, researchers said Thursday.Symantec said it was investigating the issue but could not immediately corroborate the vulnerability. If confirmed, the threat to computer users would be severe because the security software is so widely used and because no action is required by victims using the latest versions of Symantec Antivirus to suffer a crippling attack over the Internet.
Be sure to check back for updates as I can get my hands on them. Thanks to eeye’s “cheif hacking officer” (he ‘hacked’ the pentagon through an open share and got a job) my Friday is going to SUCK.
UPDATE: Symantec has posted SYM06-010 advisory
UPDATE 2: Symantec engineers have confirmed the vulnerability. No patch available yet.
UPDATE 3: Symantec patches are now available!
[tags]Symantec vulnerability, Symantec Exploit, Symantec, eeye, Exploit, Vulnerability[/tags]
