ISC Reports Exploit of SAV/SCS vulnerability

The SANS Internet Storm Center is reporting exploitation attempts against unpatched versions of Symantec Antivirus 10 and Symantec Client Security 3.
The vulnerability, first announced in May (with patches trickling out over the next month), allows remote code execution on a computer via Symantec’s remote management port. To reiterate, this vulnerability is exposed remotely only in managed versions of these products.
DShield is currently showing a remarkable uptick in scans against this service port.
To mitigate this attack, personal firewalls should block access to this port when the computer is on the Internet. On the corporate network, the Symantec Antivirus management ports should be accessible only by the Symantec parent server.
Of course, the best bet is to be patched. The list of vulnerable and patched versions is available in the Symantec writeup.
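
One way to check that the firewall policy described above is actually in force, as an added example that is not part of the original post: the script audits firewall log lines for TCP traffic to the management port from any host other than the parent server. The port number (TCP 2967, to be confirmed against the Symantec writeup), the parent-server address and the log lines are assumptions constructed for illustration.

```python
import ipaddress

# Assumptions, not taken from the post: the management port number and the
# parent server address. Confirm the port against the Symantec writeup.
MGMT_PORT = 2967
PARENT_SERVERS = {ipaddress.ip_address("10.0.0.5")}

# Constructed sample lines. The leading fields follow the Windows Firewall
# log order: date time action protocol src-ip dst-ip src-port dst-port ...
SAMPLE_LOG = """\
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags
2006-11-28 09:00:01 ALLOW TCP 10.0.0.5 10.0.0.42 1045 2967 48 S
2006-11-28 09:02:13 ALLOW TCP 10.0.0.77 10.0.0.42 3310 2967 48 S
2006-11-28 09:02:40 DROP TCP 203.0.113.9 10.0.0.42 4021 2967 48 S
2006-11-28 09:03:02 ALLOW TCP 10.0.0.77 10.0.0.42 3311 445 48 S
2006-11-28 09:03:05 ALLOW UDP 10.0.0.77 10.0.0.42 3312 2967 60 -
garbage line
"""

def audit(log_text, port=MGMT_PORT, parents=PARENT_SERVERS):
    """Return (severity, timestamp, src, dst) for TCP traffic to `port`
    whose source is not one of the parent servers."""
    findings = []
    for line in log_text.splitlines():
        if not line or line.startswith("#"):
            continue  # skip blanks and the header
        fields = line.split()
        if len(fields) < 8:
            continue  # malformed line
        date, time, action, proto, src, dst, _sport, dport = fields[:8]
        if proto != "TCP" or dport != str(port):
            continue
        try:
            src_ip = ipaddress.ip_address(src)
        except ValueError:
            continue  # unparsable source address
        if src_ip in parents:
            continue  # expected management traffic
        # ALLOW from a non-parent host means the rule set is too permissive;
        # DROP means the firewall did its job but the host is being probed.
        severity = "POLICY-GAP" if action == "ALLOW" else "blocked-probe"
        findings.append((severity, f"{date} {time}", src, dst))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(*finding)
```

A `POLICY-GAP` finding means a host other than the parent server reached the management port and the firewall rule needs tightening; a `blocked-probe` finding is the scanning activity being dropped as intended.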


  1. eEye: Big Yellow Worm Alert

    eEye has sent out an email alert about a new worm they are calling Big Yellow attacking systems running versions of Symantec Antivirus and Symantec Client Security. This is the same vulnerability that was patched by Symantec in June 2006….
