Description: Alex Wheeler has reported a vulnerability in Symantec AntiVirus, which can be exploited by malicious people to compromise a vulnerable system.
The vulnerability is caused due to a boundary error in Dec2Rar.dll when copying data based on the length field in the sub-block headers of a RAR archive. This can be exploited to cause a heap-based buffer overflow and may allow arbitrary code execution when a malicious RAR archive is scanned.
The vulnerability has been reported in Dec2Rar.dll version 3.2.14.3 and potentially affects all Symantec products that use the DLL.
Do you have this product installed on your home computer? Scan using the free Personal Software Inspector. Check if a vulnerable version is installed on computers in your corporate network, scan using the Network Software Inspector.
Solution: The vendor has issued patches (see patch matrix in vendor advisory).
Provided and/or discovered by: Alex Wheeler
Changelog: 2005-12-22: Information released by vendor. Updated "Solution", and "Solution Status" sections.
2005-12-22: Updated list of affected products.
2005-12-27: Added link to US-CERT vulnerability note and added CVE reference.
2005-12-28: Vendor released patch for Brightmail AntiSpam. Updated "Solution" section.
2005-12-30: Vendor released hotfix for Gateway Security 1.0 and Gateway Security 5400 Series.
2006-01-30: Updated "Solution" section.
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.
Ideas, suggestions, and other feedback are most welcome.
