Brandon Posted December 20, 2005 Report Share Posted December 20, 2005 (edited) Story published by SecuniaSource: Alex WheelerAlex Wheeler has reported a vulnerability in Symantec AntiVirus, which potentially can be exploited by malicious people to compromise a vulnerable system.The vulnerability is caused due to a boundary error in Dec2Rar.dll when copying data based on the length field in the sub-block headers of a RAR archive. This can be exploited to cause a heap-based buffer overflow and may allow arbitrary code execution when a malicious RAR archive is scanned.The vulnerability has been reported in Dec2Rar.dll version 3.2.14.3 and potentially affects all Symantec products that use the DLL.Solution:The vendor is current investigating the issue and working on an update. Refer to the original advisory of more information on the list of affected products.An antivirus-based protection signature has been added on 2005-12-20 via LiveUpdate to detect potential exploits of the vulnerability.Secunia Advisory Edited December 22, 2005 by Brandon Quote Link to post Share on other sites
Pete_C Posted December 22, 2005 Report Share Posted December 22, 2005 Story published by SecuniaSource: Alex WheelerAlex Wheeler has reported a vulnerability in Symantec AntiVirus, which potentially can be exploited by malicious people to compromise a vulnerable system.The vulnerability is caused due to a boundary error in Dec2Rar.dll when copying data based on the length field in the sub-block headers of a RAR archive. This can be exploited to cause a heap-based buffer overflow and may allow arbitrary code execution when a malicious RAR archive is scanned.The vulnerability has been reported in Dec2Rar.dll version 3.2.14.3 and potentially affects all Symantec products that use the DLL.Solution:Filter RAR archives at email or proxy gateways.Secunia AdvisoryGlad to see they updated it to include An antivirus-based protection signature has been added on 2005-12-20 via LiveUpdate to detect potential exploits of the vulnerability.So the solution for now is to run live update. Quote Link to post Share on other sites
Brandon Posted December 22, 2005 Author Report Share Posted December 22, 2005 I just updated the solution, sorry about that.. Quote Link to post Share on other sites
Brandon Posted December 30, 2005 Author Report Share Posted December 30, 2005 Updated 12/30/05Here are some hotfixes for Gateway Security 1.0 and Gateway Security 5400 Series.Symantec Brightmail AntiSpam 6.0.3 (keno-20051118-01):Apply patch 164.ftp://ftp.symantec.com/public/english_us_...es/patch164.zipSymantec Gateway Security 1.0 (Model 5110):http://www.symantec.com/techsupp/enterpris...5110/files.htmlSymantec Gateway Security 1.0 (Model 5200/5300):http://www.symantec.com/techsupp/enterpris...5300/files.htmlSymantec Gateway Security 1.0 (Model 5310):http://www.symantec.com/techsupp/enterpris...5310/files.htmlSymantec Gateway Security 2.0.1 (Model 5400):http://www.symantec.com/techsupp/enterpris...5400/files.html Quote Link to post Share on other sites
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.