[SingCERT] Software Vulnerability in Symantec's Antivirus Engine

Published on Thursday, 19 May 2016 12:21

Background of the Vulnerability

Symantec’s Antivirus Engine (AVE) has been reported as vulnerable to memory corruption due to a flaw in parsing a specially crafted Portable Executable (PE) file. On computers running the Windows operating system, successful exploitation of the vulnerability results in a system crash, displaying the blue screen commonly known as the Blue Screen of Death. This advisory is provided for users who are currently using Symantec Antivirus Engine on their computers.

Such malformed PE files can be received through incoming email, by downloading a document or application, or by visiting a malicious web site. No user interaction is required to trigger the parsing of the malformed file.

Software Affected by the Vulnerability

  • Symantec Antivirus Engine version 20151.1.0.32

Impact to Users

Upon successful exploitation of the reported vulnerability, Windows users will see a blue error screen. Users will need to restart their computers to continue with their work.

Solution to Mitigate the Vulnerability

Users are strongly encouraged to run Symantec’s LiveUpdate immediately and install all available updates.

References

https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160516_00
https://bugs.chromium.org/p/project-zero/issues/detail?id=820