McAfee, Symantec patched antivirus software

Symantec and McAfee, the world's leading security companies, have both been urgently needed to fix dangerous security holes in antivirus software.

However, the detected and corrected ActiveX security bugs this time have nothing to do with the recently launched ActiveX Security Errors Project.

These security bugs include an error in McAfee's anti-spam anti-virus software console - McAfee Security Center - and an error in Symantec's Norton Antivirus product.

An ActiveX security error in McAfee Security Center can be exploited by hackers to cause a buffer overflow, enabling them to gain the right to execute remote code on a system that has failed.

To exploit this security bug, hackers must trick users into clicking on a malicious link attached to an email or on a website.

McAfee confirms this vulnerability exists in a series of Security Center integrated in Total Protection 2007, VirusScan 8.x, 9.x, 10.x, and VirusScan Plus 2007.

Meanwhile, Symantec last week also confirmed a buffer overflow security error that exists in ActiveX Control bundled with Norton Antivirus.

Just like the bug in McAfee's product to exploit the Symantec product security flaw, hackers must trick users into clicking on a malicious link. If successful, they will gain the right to run malicious code on the system that makes a mistake.

Symantec claims to have released a patch and users can download it via the LiveUpdate service.

Hoang Dung