A weakness has been reported in Norton SystemWorks, which can be exploited by malicious, local users, or by malware, to bypass certain security restrictions.
The weakness is caused due to a design error in SystemWorks in which files within the NProtect directory of the Norton Protected Recycle Bin are hidden from the "FindFirst/FindNext" Windows APIs. This prevents virus scanning software from detecting malicious or virus-infected files that are placed in the directory. On-access virus scanners reportedly are still able to detect the malicious files when they are accessed.
The weakness has been reported in the following versions.
* Norton SystemWorks 2005/2006
* Norton SystemWorks Premier 2005/2006
Solution: Apply the patch by running LiveUpdate.
Provided and/or discovered by: The vendor credits Mark Russinovich of Sysinternals and the F-Secure Blacklight team.
Original Advisory: http://securityresponse.symantec.com/avcenter/security/Content/2006.01.10.html
Do you have additional information related to this advisory?
Please provide information about patches, mitigating factors, new versions, exploits, faulty patches, links, and other relevant data by posting comments to this Advisory. You can also send this
information to firstname.lastname@example.org
Subject: Symantec Norton SystemWorks Protected Recycle Bin Weakness
No posts yet
You must be logged in to post a comment.
Secunia Customer Login
Not a customer already?
Learn more about how our market leading Vulnerability Management solutions can help you manage risk and ensure compliance.