Security products from both Trend Micro and Symantec - two of the big three anti-virus players - have become the subject of serious security vulnerabilities.

Errors in Symantec's Decomposer engine create a denial of service or system compromise risk for several enterprise security products (such as Mail Security for Microsoft Exchange and AntiVirus for Network Attached Storage).

Vulnerabilities triggered when processing malformed RAR archive files might be used to inject malware onto vulnerable systems (in the most serious case) or crash servers.

Security researchers at iDefense discovered the flaws. Symantec published an advisory on Tuesday explaining how sys admins can update their software.

Decomposer components decompress or unpack files. The components have been something of a weak spot in Symantec products of late. As well as being the root cause of the latest security bugs, troubles in updating Decomposer files were behind an error-generating bug that caused all sorts of grief for corporate sys admins earlier this month.

Separately, independent security researchers have discovered buffer overflow bugs in OfficeScan and Policy Server software packages from Trend Micro. Sys admins are advised to restrict network access to the services pending the availability of patches. ®

Related stories

• Interview Trend Micro's CEO says 'AV industry sucks' (22 June 2008)
• Attackers hose down Microsoft's Jet DB Engine (26 March 2008)
• Update Symantec Endpoint Security throws out error bugs (20 February 2008)
• Update 2 Update glitch derails Kaspersky (14 December 2007)
• Sophos bug highlights wider anti-virus flaws (29 July 2005)
• Security products 'riddled' with bugs (20 June 2005)
• Update PC-cillin killed my PC (25 April 2005)
• Anti-virus vulnerabilities strike again (18 March 2005)