A series of errors in Scan Engine were detected

Symantec has just warned users about a number of security holes in the Scan Engine product. However, the security firm only ranks these security errors as medium.

Scan Engine is a programming interface that allows third parties to integrate Symantec's malware removal technology into their applications.

As recommended by Symantec, the first security error lies in the issue of web login authentication. ' Anyone with knowledge of the communication mechanism can gain control of Scan Engine server '.

Another security error in opening an application could lead to a man-in-the-middle 'attack - a form of information theft. Accordingly, an attacker may take away the DSA keys used in secure SSL communication.

Remote users can also download any file to the program's installation directory via a third security error. This is an error using malicious HTTP requests to steal information.

Security firm stressed that these security flaws only affect Scan Engine, not any other application.

Users are advised to upgrade to Symantec Scan Engine 5.1 to fix these security errors.

Up to now, there has not been any attack by exploiting the above security errors. However, there are exploit codes that are likely to be distributed on the network.

HVD - ( Betanews )