Secunia CSI7
Advisories
Research
Forums
Create Profile
Our Commitment
Database
Search
Advisories by Product
Advisories by Vendor
Terminology
Report Vulnerability
Insecure Library Loading
Highly critical

Symantec Multiple Products UPX Parsing Engine Buffer Overflow

-

Release Date:  2005-02-09    Last Update:  2005-02-11    Views:  44,136

Secunia Advisory SA14179

Where:

From remote

Impact:

System access

Solution Status:

Vendor Patch

CVE Reference(s):

Description


ISS X-Force has reported a vulnerability in multiple Symantec products, which can be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to a boundary error in the DEC2EXE parsing engine used by the antivirus scanning functionality when processing UPX compressed files. This can be exploited to cause a heap-based buffer overflow via a specially crafted UPX file.

Successful exploitation allows execution of arbitrary code.

The vulnerability affects the following products:
* Norton AntiVirus for Microsoft Exchange 2.1 (prior to build 2.18.85)
* Symantec Mail Security for Microsoft Exchange 4.0 (prior to build 4.0.10.465)
* Symantec Mail Security for Microsoft Exchange 4.5 (prior to build 4.5.3)
* Symantec AntiVirus/Filtering for Domino NT 3.1 (prior to build 3.1.1)
* Symantec Mail Security for Domino 4.0 (prior to build 4.0.1)
* Symantec AntiVirus/Filtering for Domino Ports 3.0 for AIX (prior to build 3.0.6)
* Symantec AntiVirus/Filtering for Domino Ports 3.0 for OS400, Linux, Solaris (prior to build 3.0.7)
* Symantec AntiVirus Scan Engine 4.3 (prior to build 4.3.3)
* Symantec AntiVirus for Network Attached Storage (prior to build 4.3.3)
* Symantec AntiVirus for Caching (prior to build 4.3.3)
* Symantec AntiVirus for SMTP 3.1 (prior to build 3.1.7)
* Symantec Mail Security for SMTP 4.0 (prior to build 4.0.2)
* Symantec Web Security 3.0 (prior to build 3.0.1.70)
* Symantec BrightMail AntiSpam 4.0
* Symantec BrightMail AntiSpam 5.5
* Symantec AntiVirus Corporate Edition 9.0 (prior to build 9.01.1000)
* Symantec AntiVirus Corporate Edition 8.01, 8.1.1
* Symantec Client Security 2.0 (prior to build 9.01.1000)
* Symantec Client Security 1.0
* Symantec Gateway Security 2.0, 2.0.1 - 5400 Series
* Symantec Gateway Security 1.0 - 5300 Series
* Symantec Norton Antivirus 2004 for Windows
* Symantec Norton Internet Security 2004 (pro) for Windows
* Symantec Norton System Works 2004 for Windows
* Symantec Norton Antivirus 2004 for Macintosh
* Symantec Norton Internet Security 2004 for Macintosh
* Symantec Norton System Works 2004 for Macintosh
* Symantec Norton Antivirus 9.0 for Macintosh
* Symantec Norton Internet Security for Macintosh 3.0
* Symantec Norton System Works for Macintosh 3.0


Solution:
Updates are available (see the vendor advisory for details).

Provided and/or discovered by:
Alex Wheeler, ISS X-Force.

Original Advisory:
Symantec:
http://www.sarc.com/avcenter/security/Content/2005.02.08.html

ISS X-Force:
http://xforce.iss.net/xforce/alerts/id/187

Deep Links:
Links available to Secunia VIM customers

Do you have additional information related to this advisory?

Please provide information about patches, mitigating factors, new versions, exploits, faulty patches, links, and other relevant data by posting comments to this Advisory. You can also send this information to vuln@secunia.com

Subject: Symantec Multiple Products UPX Parsing Engine Buffer Overflow

No posts yet

-

You must be logged in to post a comment.



 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 VARS
MSSP
Technology Partners
References
 Factsheets
Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


 
© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability