Scanner runs virus instead of scanning it. Network admins thrilledSecurity vulnerabilities like this will likely leave a lasting shiner - and surprisingly enough, this particular one is not limited to Microsoft.?Symantec has a flaw in their antispam and antivirus products that does not handle a compression format properly and instead of scanning the files it ends up executing them.?
Computers are at risk if they run an unpatched version of a Symantec product that scans files to detect malicious code and if they use the Microsoft Windows, Mac OS X, Linux, Solaris and AIX operating systems, Symantec said. ...
The problem exists in how the scanning code handles a compression format known as the Ultimate Packer for Executables (UPX). An attacker could create a virus designed to exploit the UPX flaw and send it to victims through e-mail or host it on a Web site. An unpatched Symantec scanner checking incoming e-mail or the Web pages that users browse would run the program instead of catching the virus.
A patch is available through Live Update or through Symantec's site. It's probably not a good idea to let this one linger. Article Link: Symantec Bug to Run Viruses, Not Scan Them
