Security research firm ISS has issued an advisory warning of a "serious flaw" in McAfee's antivirus library system that leaves users wide open to attack.
The flaw is in 23 versions of McAfee's products, and stems from a vulnerability in the antivirus library which the software uses to check for malware. ISS warned that ISPs, businesses and home users are all at risk.
"ISS has shipped protection for a flaw discovered by X-Force in McAfee AntiVirus Library versions prior to 4400," said the advisory.
"The Library is widely relied on to provide antivirus capabilities to desktop, server and gateway systems. Also, several large vendors and ISPs implement the Library in their products."
The flaw can be exploited if a hacker sends an email to the target with a specially crafted 'Lha' file, a type of format read by many software engines.
The user does not need to open anything; instead the file overwhelms the library's buffer and allows code to be executed on the target machine.
MacAfee was unavailable for comment. The ISS advisory can be seen here.
RISC OS 5 to form the basis of RISC OS Open after Castle Technology sells to RISC OS Developments
A smartphone maker fiddling its benchmarking scores? That's unusual, isn't it?
'We are making good progress on 10nm,' claims Intel
Engineer calculates that Chengdu's plan to replace streetlights with artificial moonlight would cost $100bn