A vulnerability has been reported in Symantec AntiVirus Scan Engine, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system.

The vulnerability is caused due to an input validation error in the web-based Administrative Interface when handling a HTTP request. This can be exploited to cause a heap-based buffer overflow via a specially crafted HTTP request that contains a negative value in certain HTTP headers.

Successful exploitation allows arbitrary code execution with SYSTEM privileges, but requires the ability to send HTTP requests to port 8004/tcp.

The vulnerability has been reported in the following versions:
* Symantec AntiVirus Scan Engine (version 4.0 and 4.3).
* Symantec AntiVirus Scan Engine for ISA (version 4.0 and 4.3).
* Symantec AntiVirus Scan Engine for Netapp Filer (version 4.0).
* Symantec AntiVirus Scan Engine for Messaging (version 4.3).
* Symantec AntiVirus Scan Engine for Netapp NetCache (version 4.0).
* Symantec AntiVirus Scan Engine for Network Attached Storage (version 4.3).
* Symantec AntiVirus Scan Engine for Bluecoat (version 4.0).
* Symantec AntiVirus Scan Engine for Caching (version 4.3).
* Symantec AntiVirus Scan Engine for Microsoft SharePoint (version 4.3).
* Symantec AntiVirus Scan Engine for Clearswift (version 4.0 and 4.3).

Other products that use the Scan Engine may also affected.

Solution
Apply security update.
Further details available in Customer Area

Provided and/or discovered by
Discovered by anonymous person and reported via iDEFENSE.

Changelog
Further details available in Customer Area

Original Advisory
Symantec:
http://securityresponse.symantec.com/avcenter/security/Content/2005.10.04.html

iDEFENSE:
http://www.idefense.com/application/poi/display?id=314&type=vulnerabilities

Other references
Further details available in Customer Area

Deep Links
Links available in Customer Area