Internet Security Systems (ISS) reported that their X-force research team has discovered a serious vulnerability in a Symantec parsing engine, which is used in several of the company's products. The vulnerability could allow arbitrary code to execute on a affected systems. ISS rates the vulnerability as critical. According to Secunia's advisory, the number of affected Symantec products is lengthy and incudles Norton AntiVirus for Microsoft Exchange 2.1, Mail Security for Microsoft Exchange 4.0 and 4.5, AntiVirus/Filtering for Domino, Norton AntiVirus, Norton Internet Security, Norton Web Security, and more.
A spokesperson for Symantec said that their engineers "have developed and released updates or Maintenance Releases for all impacted product versions that were not already upgraded in the latest product build release." Symantec added that updates are available through the products' LiveUpdate feature or via its support Web site .
ISS X-Force also discovered a critical flaw in F-Secure's antivirus and Internet security products. The flaw is due to the way the products scan files that are compressed with ARJ compression. An intruder could craft a specially formed ARJ file that would cause a buffer overruns that could allow the intruder to run code on an affected system.
The flaw affects several of F-Secure's antivirus and Internet security products. F-Secure has released hotfixes for the affected products , which are available on the company's Web site.