SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |    Help    |   

SecurityTracker
Archives


Join our Affiliate Program
 
Click to Sign Up
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com
Sign Up!





Category:  Application (Security)  >  Norton Anti-Virus Vendors:  Symantec
Symantec Norton Anti-Virus Protection Fails to Detect Viruses on Floppy Diskettes Windows-XP
SecurityTracker Alert ID:  1007070
CVE Reference:  GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Jun 27 2003
Impact:  Execution of arbitrary code via local system, Modification of system information, Modification of user information
Vendor Confirmed:  Yes  
Version(s): 7.61, 7.6
Description:  A vulnerability was reported in certain versions of Symantec's Norton Anti-Virus on the Windows XP operating system. Viruses on floppy diskettes are not detected "on the fly."

It is reported that version 7.6 and 7.61 are affected, but that 8.01 is not affected.
Impact:  A user could pass a virus on a floppy diskette to the target user.
Solution:  No solution was available at the time of this entry. The vendor is reportedly working to determine the cause of the flaw.
Vendor URL:  www.symantec.com/ (Links to External Site)
Cause:  State error
Underlying OS:  Windows (XP)
Reported By:  Pal Juvancz <Pal.Juvancz@publicworks.qld.gov.au>
Message History:   None.

 Source Message Contents
Date:  25 Jun 2003 22:42:18 -0000
From:  Pal Juvancz <Pal.Juvancz@publicworks.qld.gov.au>
Subject:  Symantec NAV 7.6 CE Major Fault

 



Symantec NAV 7.6 Corporate Edition has a MAJOR fault when running on XP. 
It simply will NOT scan floppies on the fly (even with the most 
restrictive settings enabled) This is a bug that has been confirmed by 
Symantec (after 3 months of sitting on their bum doing absolutely NOTHING 
about it) 

I still haven't seen a solution - other than dumping the product yet.

Below are snippets from actual Symantec tech support e-mails.

"With 7.61 on the XP Pro machine (your Vectra) we did not catch the virus 
at the floppy, however we did catch it when we burned it to CD. 

I tested with 7.61 build 45 on XP PRO.. not your machine.. we did not 
catch the virus at the floppy. 
I tested the 8.01 on a machine that wasn't yours as well and it worked as 
designed. 

I am thinking at this point there could be a couple of things happening. 
1)XP PRO does something between NAV 7.6x and the floppy 
2) XP PRO does something to Nav 7.6x "

I think they should advertise this widely but.....


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us   |    Help

Copyright 2002, SecurityGlobal.net LLC