Skip to main content

Symantec Products Decomposer Buffer Overflow and DoS Vulnerabilities

Last Update Date: 28 Jan 2011 Release Date: 28 Feb 2008 2464 Views

RISK: Medium Risk

Multiple vulnerabilities have been identified in various Symantec products, which could be exploited by attackers or malware to cause a denial of service or take complete contol of an affected system. These issues are caused by infinite loop and buffer overflow errors in the Decomposer engine when processing malformed RAR archives, which could be exploited to cause a vulnerable application to crash or consume large amounts of memory, or execute arbitrary code.


System / Technologies affected

  • Symantec AntiVirus for Network Attached Storage version 4.3.16.39 and prior
  • Symantec AntiVirus Scan Engine version 4.3.16.39 and prior
  • Symantec AntiVirus Scan Engine for Caching version 4.3.16.39 and prior
  • Symantec AntiVirus Scan Engine for Clearswift version 4.3.16.39 and prior
  • Symantec AntiVirus Scan Engine for Messaging version 4.3.16.39 and prior
  • Symantec AntiVirus Scan Engine for MS ISA version 4.3.16.39 and prior
  • Symantec AntiVirus Scan Engine for MS SharePoint version 4.3.16.39 and prior
  • Symantec AntiVirus/Filtering for Domino MPE (AIX, Linux, Solaris)
  • Symantec Mail Security for Microsoft Exchange version 4.6.5.12 and prior
  • Symantec Mail Security for Microsoft Exchange version 5.0.4.363 and prior
  • Symantec Scan Engine version 5.1.4.24 and prior


Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

Apply patches :
http://www.symantec.com/techsupp/


Vulnerability Identifier


Source


Related Link