Description: A vulnerability has been reported in Symantec AntiVirus Scan Engine, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system.
The vulnerability is caused due to an input validation error in the web-based Administrative Interface when handling a HTTP request. This can be exploited to cause a heap-based buffer overflow via a specially crafted HTTP request that contains a negative value in certain HTTP headers.
Successful exploitation allows arbitrary code execution with SYSTEM privileges, but requires the ability to send HTTP requests to port 8004/tcp.
The vulnerability has been reported in the following versions:
* Symantec AntiVirus Scan Engine (version 4.0 and 4.3).
* Symantec AntiVirus Scan Engine for ISA (version 4.0 and 4.3).
* Symantec AntiVirus Scan Engine for Netapp Filer (version 4.0).
* Symantec AntiVirus Scan Engine for Messaging (version 4.3).
* Symantec AntiVirus Scan Engine for Netapp NetCache (version 4.0).
* Symantec AntiVirus Scan Engine for Network Attached Storage (version 4.3).
* Symantec AntiVirus Scan Engine for Bluecoat (version 4.0).
* Symantec AntiVirus Scan Engine for Caching (version 4.3).
* Symantec AntiVirus Scan Engine for Microsoft SharePoint (version 4.3).
* Symantec AntiVirus Scan Engine for Clearswift (version 4.0 and 4.3).
Other products that use the Scan Engine may also affected.
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.
Ideas, suggestions, and other feedback are most welcome.
