Symantec Products Decomposer Buffer Overflow and DoS Vulnerabilities
Last Update Date:
28 Jan 2011
Release Date:
28 Feb 2008
4451
Views
RISK: Medium Risk
Multiple vulnerabilities have been identified in various Symantec products, which could be exploited by attackers or malware to cause a denial of service or take complete contol of an affected system. These issues are caused by infinite loop and buffer overflow errors in the Decomposer engine when processing malformed RAR archives, which could be exploited to cause a vulnerable application to crash or consume large amounts of memory, or execute arbitrary code.
System / Technologies affected
- Symantec AntiVirus for Network Attached Storage version 4.3.16.39 and prior
- Symantec AntiVirus Scan Engine version 4.3.16.39 and prior
- Symantec AntiVirus Scan Engine for Caching version 4.3.16.39 and prior
- Symantec AntiVirus Scan Engine for Clearswift version 4.3.16.39 and prior
- Symantec AntiVirus Scan Engine for Messaging version 4.3.16.39 and prior
- Symantec AntiVirus Scan Engine for MS ISA version 4.3.16.39 and prior
- Symantec AntiVirus Scan Engine for MS SharePoint version 4.3.16.39 and prior
- Symantec AntiVirus/Filtering for Domino MPE (AIX, Linux, Solaris)
- Symantec Mail Security for Microsoft Exchange version 4.6.5.12 and prior
- Symantec Mail Security for Microsoft Exchange version 5.0.4.363 and prior
- Symantec Scan Engine version 5.1.4.24 and prior
Solutions
Before installation of the software, please visit the software manufacturer web-site for more details.
Apply patches :
http://www.symantec.com/techsupp/
Vulnerability Identifier
Source
Related Link
Share with