Norton AntiVirus Denial Of Service Vulnerabilities

Secunia Advisory: SA14741

Isamu Noguchi has reported two vulnerabilities in Symantec Norton AntiVirus, which can be exploited by malicious people to cause a DoS (Denial of Service).

1) An unspecified error in the Auto-Protect module during scan of specific file types can be exploited to cause the system to hang or crash.

2) An error in the SmartScan feature in Auto-Protect, when a file located on a network share is renamed, it can be exploited to consume a large amount of CPU resources or cause a system crash.

The following products are affected:

* Symantec Norton AntiVirus 2004
* Symantec Norton Internet Security 2004 (Professional)
* Symantec Norton SystemWorks 2004 (Professional)
* Symantec Norton AntiVirus 2005
* Symantec Norton Internet Security 2005
* Symantec Norton SystemWorks 2005 (Premier)

Release Date: 2005-03-29
Critical: Less critical
Impact: DoS
Where: From remote
Solution Status: Vendor Patch
Solution: The vendor has issued a fix, which is available via LiveUpdate.

[Secunia Advisory: SA14741]