
A vulnerability has been found in Symantec Antivirus that lets an attacker take complete control of the system.

Google Project Zero researchers (the team Google set up to find previously unknown vulnerabilities before attackers do) have disclosed details of a critical vulnerability (CVE-2016-2208) in Symantec's antivirus software. Scanning a specially crafted file in the PE executable format triggers a buffer overflow that can be used to execute code on the system.

When parsing executables packed with an early version of ASPack, a buffer overflow can occur in the Symantec Antivirus Engine, the core scanning module used in most products sold under the Symantec and Norton brands. The bug is reached when the section data is truncated, i.e. when a section's SizeOfRawData is larger than SizeOfImage: the unpacker sizes its image buffer from SizeOfImage but copies SizeOfRawData bytes into it.
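As an added example (not code from the Habr post, the Project Zero report, or Symantec's engine), the following C program shows the bounds check an unpacker needs before it copies each section into an image buffer sized from SizeOfImage. It checks the general condition VirtualAddress + SizeOfRawData <= SizeOfImage, and that the raw data actually exists in the file, of which the SizeOfRawData > SizeOfImage case described above is one instance. The field offsets follow the PE/COFF layout; the minimal single-section PE32 file that build_test_pe() produces is constructed for the demo.

```c
/* Added example: bounds-checked PE section walk before an unpacker copies
 * SizeOfRawData bytes of each section into a SizeOfImage-sized image buffer.
 * Not code from the original article or from any vendor's scan engine. */
#include <stdint.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

#define SECTION_HDR_SIZE 40
#define PE32_MAGIC       0x10b

enum { PE_OK = 0, PE_MALFORMED = -1, PE_SECTION_OVERFLOW = -2 };

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}
static void wr16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); }
static void wr32(uint8_t *p, uint32_t v) { for (int i = 0; i < 4; i++) p[i] = (uint8_t)(v >> (8 * i)); }

typedef struct {
    uint32_t size_of_image;
    uint16_t num_sections;
    size_t   section_table;   /* file offset of the first section header */
} pe_info;

/* Validate DOS/PE/COFF/optional headers and locate the section table.
 * Every offset is checked against len before it is dereferenced. */
static int parse_headers(const uint8_t *buf, size_t len, pe_info *pe)
{
    if (len < 0x40 || buf[0] != 'M' || buf[1] != 'Z') return PE_MALFORMED;
    uint32_t e_lfanew = rd32(buf + 0x3c);
    if (e_lfanew > len || len - e_lfanew < 24) return PE_MALFORMED;      /* "PE\0\0" + COFF header */
    if (memcmp(buf + e_lfanew, "PE\0\0", 4) != 0) return PE_MALFORMED;
    const uint8_t *coff = buf + e_lfanew + 4;
    pe->num_sections = rd16(coff + 2);
    uint16_t opt_size = rd16(coff + 16);
    size_t opt_off = e_lfanew + 24;
    if (opt_size < 60 || len - opt_off < opt_size) return PE_MALFORMED;  /* SizeOfImage lives at +56 */
    if (rd16(buf + opt_off) != PE32_MAGIC) return PE_MALFORMED;
    pe->size_of_image = rd32(buf + opt_off + 56);
    pe->section_table = opt_off + opt_size;
    if (len - pe->section_table < (size_t)pe->num_sections * SECTION_HDR_SIZE) return PE_MALFORMED;
    return PE_OK;
}

/* The check a vulnerable unpacker lacks: each section's raw data must fit both
 * inside the file and inside the SizeOfImage buffer at its VirtualAddress.
 * Written with subtraction so oversized 32-bit values cannot wrap the sum. */
int check_pe_sections(const uint8_t *buf, size_t len, int *bad_section)
{
    pe_info pe;
    int rc = parse_headers(buf, len, &pe);
    if (rc != PE_OK) return rc;
    for (uint16_t i = 0; i < pe.num_sections; i++) {
        const uint8_t *sh = buf + pe.section_table + (size_t)i * SECTION_HDR_SIZE;
        uint32_t va = rd32(sh + 12), raw = rd32(sh + 16), ptr = rd32(sh + 20);
        int fits_image = va <= pe.size_of_image && raw <= pe.size_of_image - va;
        int fits_file  = ptr <= len && raw <= len - ptr;
        if (!fits_image || !fits_file) {
            if (bad_section) *bad_section = (int)i;
            return PE_SECTION_OVERFLOW;
        }
    }
    return PE_OK;
}

/* Hardened "unpack": nothing is copied until check_pe_sections() passes.
 * Returns a calloc'd buffer of SizeOfImage bytes, or NULL if the file is rejected. */
uint8_t *load_pe_image(const uint8_t *buf, size_t len, uint32_t *image_size)
{
    pe_info pe;
    if (check_pe_sections(buf, len, NULL) != PE_OK || parse_headers(buf, len, &pe) != PE_OK) return NULL;
    uint8_t *image = calloc(pe.size_of_image, 1);
    if (!image) return NULL;
    for (uint16_t i = 0; i < pe.num_sections; i++) {
        const uint8_t *sh = buf + pe.section_table + (size_t)i * SECTION_HDR_SIZE;
        memcpy(image + rd32(sh + 12), buf + rd32(sh + 20), rd32(sh + 16)); /* bounds proven above */
    }
    if (image_size) *image_size = pe.size_of_image;
    return image;
}

/* Constructed test input: a 0x200-byte single-section PE32 with e_lfanew=0x40,
 * one section at VA 0x1000 / PointerToRawData 0x160, and caller-chosen
 * SizeOfImage and SizeOfRawData. Returns the file length. */
size_t build_test_pe(uint8_t *out, uint32_t size_of_image, uint32_t size_of_raw_data)
{
    memset(out, 0, 0x200);
    out[0] = 'M'; out[1] = 'Z';
    wr32(out + 0x3c, 0x40);
    memcpy(out + 0x40, "PE\0\0", 4);
    wr16(out + 0x44 + 2, 1);          /* NumberOfSections */
    wr16(out + 0x44 + 16, 0xE0);      /* SizeOfOptionalHeader (PE32) */
    wr16(out + 0x58, PE32_MAGIC);
    wr32(out + 0x58 + 56, size_of_image);
    uint8_t *sh = out + 0x58 + 0xE0;  /* section header at 0x138 */
    memcpy(sh, ".text", 5);
    wr32(sh + 8, 0x80);               /* VirtualSize */
    wr32(sh + 12, 0x1000);            /* VirtualAddress */
    wr32(sh + 16, size_of_raw_data);  /* SizeOfRawData */
    wr32(sh + 20, 0x160);             /* PointerToRawData */
    out[0x160] = 0xCC;                /* first byte of section data, visible after a correct copy */
    return 0x200;
}

/* Build a test file with the given sizes and run the check. */
int demo_check(uint32_t size_of_image, uint32_t size_of_raw_data)
{
    uint8_t file[0x200];
    return check_pe_sections(file, build_test_pe(file, size_of_image, size_of_raw_data), NULL);
}

/* Build, load, and return the first copied section byte, or -1 if rejected. */
int demo_load(uint32_t size_of_image, uint32_t size_of_raw_data)
{
    uint8_t file[0x200];
    uint32_t sz = 0;
    uint8_t *img = load_pe_image(file, build_test_pe(file, size_of_image, size_of_raw_data), &sz);
    if (!img) return -1;
    int b = img[0x1000];
    free(img);
    return b;
}

int main(void)
{
    printf("benign (image 0x2000, raw 0x80):    %d\n", demo_check(0x2000, 0x80));
    printf("CVE shape (image 0x2000, raw 0x3000): %d\n", demo_check(0x2000, 0x3000));
    return 0;
}
```

The benign file passes and load_pe_image() copies the section; the file whose SizeOfRawData (0x3000) exceeds SizeOfImage (0x2000) is rejected before any copy, as is one whose raw data would fit the image but runs past the end of the file.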

Now the most interesting part. Because Symantec's software uses a filter driver to intercept all I/O operations on the system, the crafted file is scanned as soon as it lands on the machine, with no need for the victim to open it. An attacker can therefore deliver the exploit almost any way, say as an e-mail attachment or as a file behind a link.
On Linux, macOS and other UNIX platforms the result is a remote heap overflow in a Symantec or Norton process running as root. On Windows the result is kernel memory corruption, because the scan engine is loaded into the kernel there, which can allow code execution with kernel (ring 0) privileges.

Products under the Symantec and Norton brands are also of interest because they often come pre-installed on PCs and laptops, which has added to their prevalence, especially among Western users.

The vendor promptly published an update that fixes the vulnerability, so it is important to install it, including on Unix servers (the installation requires a reboot of the server).

Source: https://habr.com/ru/post/357092/

