Secunia Advisory: SA18131 Print Advisory
Release Date: 2005-12-20
Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Unpatched
Software: Symantec AntiVirus Corporate Edition 10.x
Symantec AntiVirus Corporate Edition 8.x
Symantec AntiVirus Corporate Edition 9.x
Symantec AntiVirus for Caching 4.x
Symantec AntiVirus for Network Attached Storage 4.x
Symantec AntiVirus for SMTP Gateways 3.x
Symantec AntiVirus Scan Engine 4.x
Symantec AntiVirus/Filtering for Domino 3.x
Symantec Brightmail AntiSpam 4.x
Symantec Brightmail AntiSpam 5.x
Symantec Brightmail AntiSpam 6.x
Symantec Client Security 1.x
Symantec Client Security 2.x
Symantec Mail Security for Domino 4.x
Symantec Mail Security for Exchange 4.x
Symantec Mail Security for SMTP 4.x
Symantec Norton AntiVirus 2001
Symantec Norton AntiVirus 2002
Symantec Norton AntiVirus 2003
Symantec Norton AntiVirus 2004
Symantec Norton AntiVirus 2005
Symantec Norton AntiVirus 5
Symantec Norton AntiVirus 5.0 for OS/2
Symantec Norton AntiVirus Corporate Edition 7.x
Symantec Norton AntiVirus for Macintosh 10.x
Symantec Norton AntiVirus for Macintosh 9.x
Symantec Norton AntiVirus for Microsoft Exchange 2.x
Symantec Norton AntiVirus for Microsoft Exchange 3.x
Symantec Norton AntiVirus Solution 7.5
Symantec Norton Internet Security 2001
Symantec Norton Internet Security 2002
Symantec Norton Internet Security 2003
Symantec Norton Internet Security 2003 Professional
Symantec Norton Internet Security 2004
Symantec Norton Internet Security 2004 Professional
Symantec Norton Internet Security 2005
Symantec Norton Internet Security for Macintosh 3.x
Symantec Web Security 2.x
Symantec Web Security 3.x
Select a product and view a complete list of all Patched/Unpatched Secunia advisories affecting it.
Description:
Alex Wheeler has reported a vulnerability in Symantec AntiVirus, which potentially can be exploited by malicious people to compromise a vulnerable system.
The vulnerability is caused due to a boundary error in Dec2Rar.dll when copying data based on the length field in the sub-block headers of a RAR archive. This can be exploited to cause a heap-based buffer overflow and may allow arbitrary code execution when a malicious RAR archive is scanned.
The vulnerability has been reported in Dec2Rar.dll version 3.2.14.3 and potentially affects all Symantec products that use the DLL.
Solution:
Filter RAR archives at email or proxy gateways.
Provided and/or discovered by:
Alex Wheeler
Original Advisory:
http://www.rem0te.com/public/images/symc2.pdf
Bollettino di sicurezza Secunia
Release Date: 2005-12-20
Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Unpatched
Software: Symantec AntiVirus Corporate Edition 10.x
Symantec AntiVirus Corporate Edition 8.x
Symantec AntiVirus Corporate Edition 9.x
Symantec AntiVirus for Caching 4.x
Symantec AntiVirus for Network Attached Storage 4.x
Symantec AntiVirus for SMTP Gateways 3.x
Symantec AntiVirus Scan Engine 4.x
Symantec AntiVirus/Filtering for Domino 3.x
Symantec Brightmail AntiSpam 4.x
Symantec Brightmail AntiSpam 5.x
Symantec Brightmail AntiSpam 6.x
Symantec Client Security 1.x
Symantec Client Security 2.x
Symantec Mail Security for Domino 4.x
Symantec Mail Security for Exchange 4.x
Symantec Mail Security for SMTP 4.x
Symantec Norton AntiVirus 2001
Symantec Norton AntiVirus 2002
Symantec Norton AntiVirus 2003
Symantec Norton AntiVirus 2004
Symantec Norton AntiVirus 2005
Symantec Norton AntiVirus 5
Symantec Norton AntiVirus 5.0 for OS/2
Symantec Norton AntiVirus Corporate Edition 7.x
Symantec Norton AntiVirus for Macintosh 10.x
Symantec Norton AntiVirus for Macintosh 9.x
Symantec Norton AntiVirus for Microsoft Exchange 2.x
Symantec Norton AntiVirus for Microsoft Exchange 3.x
Symantec Norton AntiVirus Solution 7.5
Symantec Norton Internet Security 2001
Symantec Norton Internet Security 2002
Symantec Norton Internet Security 2003
Symantec Norton Internet Security 2003 Professional
Symantec Norton Internet Security 2004
Symantec Norton Internet Security 2004 Professional
Symantec Norton Internet Security 2005
Symantec Norton Internet Security for Macintosh 3.x
Symantec Web Security 2.x
Symantec Web Security 3.x
Select a product and view a complete list of all Patched/Unpatched Secunia advisories affecting it.
Description:
Alex Wheeler has reported a vulnerability in Symantec AntiVirus, which potentially can be exploited by malicious people to compromise a vulnerable system.
The vulnerability is caused due to a boundary error in Dec2Rar.dll when copying data based on the length field in the sub-block headers of a RAR archive. This can be exploited to cause a heap-based buffer overflow and may allow arbitrary code execution when a malicious RAR archive is scanned.
The vulnerability has been reported in Dec2Rar.dll version 3.2.14.3 and potentially affects all Symantec products that use the DLL.
Solution:
Filter RAR archives at email or proxy gateways.
Provided and/or discovered by:
Alex Wheeler
Original Advisory:
http://www.rem0te.com/public/images/symc2.pdf
Bollettino di sicurezza Secunia