All the latest UK technology news, reviews and analysis
|
|
|
18 Mar 2005
Security research firm ISS has issued an advisory warning of a "serious flaw" in McAfee's antivirus library system that leaves users wide open to attack.
The flaw is in 23 versions of McAfee's products, and stems from a vulnerability in the antivirus library which the software uses to check for malware. ISS warned that ISPs, businesses and home users are all at risk.
"ISS has shipped protection for a flaw discovered by X-Force in McAfee AntiVirus Library versions prior to 4400," said the advisory.
"The Library is widely relied on to provide antivirus capabilities to desktop, server and gateway systems. Also, several large vendors and ISPs implement the Library in their products."
The flaw can be exploited if a hacker sends an email to the target with a specially crafted 'Lha' file, a type of format read by many software engines.
The user does not need to open anything; instead the file overwhelms the library's buffer and allows code to be executed on the target machine.
MacAfee was unavailable for comment. The ISS advisory can be seen here.
Latest stories from Security
Related articles
Related jobs
Poll
What is the most important IT priority for your company this year?
Connect with V3.co.uk
This paper focuses on a series of best practices and techniques for development teams looking to improve their software development processes
Why good data management at all levels is essential in the modern business (video, 6mins)
Our client who are a large Pharmaceutical Company are...
IT Support Engineer (CCNA/CCIE) My client is a leading...
Company Information Atos is an international information...
Job Title Presales Consultant / Presales Executive...
Keep up to date with the latest products, services and technologies from the world's leading IT companies. IThound.com brings you over 2,000 white papers, case studies and analyst reports.
Do you agree?
Response re: McAfee Security
I've just been through a devastating attack on my computer system. It cost a lot of money to handle and used up many, many hours of my work time. McAfee was protecting my system, I thought. This turned out to be not the case. The tech who did the clean-up said he found 36 viruses and over 600 infected files. Evidently what happened was that the McAfee security system was attacked and dismantled via the firewall. I had been having problems with the firewall for about a month before the system crashed.Not one person in tech support, and I spent many hours on the line to that dept, indicated there might be problems with attacks on my computer!! When one pays for protection,and is promised such, one expects to be protected. One does not expect to have to spend many hundreds of dollars in money and lost time to re-secure what was supposed to already be secure!
Posted by: Carol 30 Aug 2005