Alex Wheeler has reported a vulnerability in Symantec AntiVirus, which can be exploited by malicious people to compromise a vulnerable system.
The vulnerability is caused due to a boundary error in Dec2Rar.dll when copying data based on the length field in the sub-block headers of a RAR archive. This can be exploited to cause a heap-based buffer overflow and may allow arbitrary code execution when a malicious RAR archive is scanned.
The vulnerability has been reported in Dec2Rar.dll version 22.214.171.124 and potentially affects all Symantec products that use the DLL.
Solution: The vendor has issued patches (see patch matrix in vendor advisory).
Provided and/or discovered by: Alex Wheeler
Original Advisory: Symantec:
Do you have additional information related to this advisory?
Please provide information about patches, mitigating factors, new versions, exploits, faulty patches, links, and other relevant data by posting comments to this Advisory. You can also send this
information to email@example.com