TITLE:
Symantec Norton SystemWorks Protected Recycle Bin Weakness

SECUNIA ADVISORY ID:
SA18402

VERIFY ADVISORY:
http://secunia.com/advisories/18402/

CRITICAL:
Not critical

IMPACT:
Security Bypass

WHERE:
Local system

SOFTWARE:
Symantec Norton SystemWorks 2005
http://secunia.com/product/4847/
Symantec Norton SystemWorks 2006
http://secunia.com/product/6636/

DESCRIPTION:
A weakness has been reported in Norton SystemWorks, which can be exploited by malicious, local users, or by malware, to bypass certain security restrictions.

The weakness is caused due to a design error in SystemWorks in which files within the NProtect directory of the Norton Protected Recycle Bin are hidden from the "FindFirst/FindNext" Windows APIs. This prevents virus scanning software from detecting malicious or virus-infected files that are placed in the directory.

On-access virus scanners reportedly are still able to detect the malicious files when they are accessed.

The weakness has been reported in the following versions.
* Norton SystemWorks 2005/2006
* Norton SystemWorks Premier 2005/2006

SOLUTION:
Apply the patch by running LiveUpdate.

PROVIDED AND/OR DISCOVERED BY:
The vendor credits Mark Russinovich of Sysinternals and the F-Secure Blacklight team.

ORIGINAL ADVISORY:
http://securityresponse.symantec.com/avcenter/security/Content/2006.01.10.html

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe:
http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/

Please Note:
Secunia recommends that you verify all advisories you receive by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use those supplied by the vendor.
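The DESCRIPTION above says files in the NProtect directory are hidden from FindFirst/FindNext enumeration, so an on-demand scanner that walks the directory tree never sees them. As an added example (not part of the Secunia or Symantec advisory), the Python sketch below shows a cross-view check a defender could use to surface such entries: it compares an API-level listing with a listing taken from a view that does not go through those APIs. The comparison approach, the `X:\RecycleBin\NProtect` placeholder path and both sample listings are assumptions constructed for illustration.

```python
import ntpath
import os
from pathlib import PureWindowsPath


def normalise(path):
    """Windows paths are case-insensitive: fold case and separators."""
    return ntpath.normcase(ntpath.normpath(path))


def api_listing(root):
    """Enumerate files the way an on-demand scanner would.
    On Windows, os.walk is backed by FindFirstFile/FindNextFile."""
    found = []
    for dirpath, _dirs, files in os.walk(root):
        found.extend(os.path.join(dirpath, name) for name in files)
    return found


def hidden_from_api(api_paths, raw_paths, scope=None):
    """Return raw-view paths absent from the API view, optionally only
    those located under the directory given as `scope`."""
    seen = {normalise(p) for p in api_paths}
    scope_parts = PureWindowsPath(normalise(scope)).parts if scope else ()
    hidden = []
    for path in raw_paths:
        norm = normalise(path)
        parts = PureWindowsPath(norm).parts
        if scope_parts and parts[:len(scope_parts)] != scope_parts:
            continue  # outside the directory under review
        if norm not in seen:
            hidden.append(path)
    return sorted(hidden, key=normalise)


# Constructed sample data. RAW_VIEW stands for a listing produced without
# FindFirst/FindNext, e.g. from an offline image of the same volume.
NPROTECT_DIR = r"X:\RecycleBin\NProtect"  # placeholder path, not from the advisory
API_VIEW = [r"X:\Docs\report.txt", r"X:\RecycleBin\INFO2"]
RAW_VIEW = [
    r"x:\docs\REPORT.TXT",                  # same file, different case
    r"X:\RecycleBin\INFO2",
    r"X:\RecycleBin\NProtect\00000001.tmp",  # visible only in the raw view
    r"X:\RecycleBin\NProtect2\other.bin",    # sibling directory, out of scope
]

if __name__ == "__main__":
    for path in hidden_from_api(API_VIEW, RAW_VIEW, scope=NPROTECT_DIR):
        print("not visible to directory enumeration:", path)
```

Any path this reports should be scanned by opening it directly, since the advisory notes that on-access scanners still detect the files when they are accessed.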