路人CL - IT 手記

I may not talk about cutting-edge technology, but I try to bring out issues that may have far-reaching effects and long-term significance. And, of course, to serve as a link to those truly important IT security alerts!

Friday, December 30, 2005

Anti virus software vendors' own trouble

Recently, McAfee and Symantec have both had trouble with their own antivirus software.

McAfee's Security Centre 6.X and VirusScan 4.X/8.X/9.X have an error in restricting the browser domain in which the ActiveX control mcinstcl.dll can be instantiated. Put simply, it can allow remote code execution. It has now been fixed through auto-update. All users who have the stated versions should update their product.

Nearly all Symantec antivirus and Internet security products have a vulnerability: when they scan a malicious .rar file (a recently popular compressed file format; another is .7z), the scan goes wrong and allows arbitrary code execution! The workaround is to filter RAR files at mail or proxy gateways.

This is a good reminder that security is about the design and implementation of a policy, not about depending on a single product without thought.
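One way to apply the gateway workaround to mail, as an added example that is not part of the original post: it flags attachments by RAR signature as well as by file name, so the filter does not depend on the extension alone. The function names, the 1 MiB scan window and the sample message are assumptions constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# RAR archive markers: 1.5-4.x format and 5.x format.
RAR_MAGICS = (b"Rar!\x1a\x07\x00", b"Rar!\x1a\x07\x01\x00")
# Self-extracting archives place the marker after an executable stub,
# so search a bounded prefix rather than offset 0 only (assumed limit).
SCAN_WINDOW = 1024 * 1024


def looks_like_rar(data: bytes) -> bool:
    """True if a RAR marker appears within the scan window."""
    head = data[:SCAN_WINDOW]
    return any(magic in head for magic in RAR_MAGICS)


def rar_attachments(raw_message: bytes) -> list[str]:
    """Return the names of MIME parts the gateway should quarantine."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = part.get_filename() or "(unnamed part)"
        payload = part.get_payload(decode=True) or b""  # undoes base64/QP
        if name.lower().endswith(".rar") or looks_like_rar(payload):
            hits.append(name)
    return hits


def sample_message() -> bytes:
    """Constructed sample: one disguised RAR, one benign file, one .RAR name."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "constructed sample"
    msg.set_content("see attachments")
    msg.add_attachment(RAR_MAGICS[0] + b"\x00" * 32, maintype="image",
                       subtype="jpeg", filename="holiday.jpg")
    msg.add_attachment(b"plain notes", maintype="application",
                       subtype="octet-stream", filename="notes.txt")
    msg.add_attachment(b"truncated", maintype="application",
                       subtype="octet-stream", filename="archive.RAR")
    return msg.as_bytes()


if __name__ == "__main__":
    print(rar_attachments(sample_message()))
```

A RAR file nested inside another container (for example a ZIP attachment) is not detected by this check; that needs the gateway to unpack the outer container first.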
