Intrusion detection and prevention systems provider Internet Security Systems (ISS) issued a “protection advisory” targeting older versions of McAfee’s anti-virus software engine last Thursday.
Attackers are able to trigger a stack overflow within the process importing the McAfee AntiVirus Library, according to ISS.
This vulnerability, which can be triggered by an unauthenticated remote attacker without user interaction, affects both the VirusScan and GroupShield McAfee product lines.
According to the posted ISS advisory: “Compromise of antivirus protected networks and machines may lead to exposureof confidential information, loss of productivity, and further network compromise. … Successful exploitation of this vulnerability could be used to gain unauthorized access to networks and machines being protected by McAfee AntiVirus Library product.”
Basex CEO and chief analyst Jonathan Spira told TechNewsWorld that though the flaw is important, it represents a relatively minor speed bump on the information superhighway.
“Obviously, the security flaw which was uncovered is significant,” Spira said. “But putting this in perspective, it’s not terribly different than the news about vulnerabilities in Microsoft IE that come out on a regular basis.”
McAfee stated that if users download the company’s latest security signatures, the hole will be plugged.
Spira said it may be ironic for a security company to face a security flaw, but McAfee is not the only one. The fact that is was found on older versions and subsequently corrected, he said, should propel customers to maintain regular updates.
“If a customer does not subscribe to the update, they have basically terminated their relationship with McAfee, as the whole point of updates is to ensure that the system is updated,” he said.