Symantec Norton SystemWorks Hidden Directory Obscures Files from Anti-Virus Scanners
|
SecurityTracker Alert ID: 1015462 |
|
SecurityTracker URL: http://securitytracker.com/id/1015462
|
CVE Reference:
GENERIC-MAP-NOMATCH
|
Date: Jan 10 2006
|
Impact:
Modification of system information
|
Fix Available: Yes
Vendor Confirmed: Yes
Exploit Included: Yes
|
Version(s): 2005, 2006
|
Description:
A vulnerability was reported in Symantec's Norton SystemWorks. The software may obscure files from anti-virus scanners.
The software creates the Norton Protected Recycle Bin in the Microsoft Windows Recycler directory and hides the created directory from the Windows FindFirst/FindNext APIs. As a result, files in the directory may not be scanned by anti-virus scanning products.
Symantec credits Mark Russinovich of Sysinternals and the F-Secure Blacklight team with reporting this vulnerability.
|
Impact:
Files in the affected directory may be undetectable to anti-virus/security scanners. Malicious code can use the directory to hide malware.
|
Solution:
The vendor has issued a fix, available via LiveUpdate.
The fix and update instructions are available at:
http://service1.symantec.com/SUPPORT/sharedtech.nsf/docid/1998081213371213
A reboot is required.
|
Vendor URL: securityresponse.symantec.com/avcenter/security/Content/2006.01.10.html
|
Cause:
Access control error
|
Underlying OS:
Windows (Any)
|
Message History:
None.
|
Source Message Contents
|
Date: Tue, 10 Jan 2006 15:51:00 -0500
Subject: Norton SystemWorks vulnerability
|
http://securityresponse.symantec.com/avcenter/security/Content/2006.01.10.html
SYM06-002
Symantec Norton Protected Recycle Bin Exposure