mailing list archives
Symantec Antivirus Library Remote Heap Overflows
From: list () rem0te com
Date: Tue, 20 Dec 2005 13:58:55 +0000
December 20, 2005
The Symantec Antivirus Library provides file format support for virus analysis. During decompression of RAR files
Symantec is vulnerable to multiple heap overflows allowing attackers complete control of the system(s) being protected.
These vulnerabilities can be exploited remotely without user interaction in default configurations through common
protocols such as SMTP.
Successful exploitation of Symantec protected systems allows attackers unauthorized control of data and related
privileges. It also provides leverage for further network compromise. Symantec implementations are likely vulnerable in
their default configuration. In default configurations users are likely vulnerable regardless of whether they choose to
open or read the email.
Due to the library’s modular design and core functionality; it is likely this vulnerability affects a substantial
portion of Symantec’s gateway, server, & client antivirus-enabled product lines on most platforms. In fact, the scope
of this vulnerability is likely similar to the one described in the following link and also includes more current
Further, this library is also licensed to a substantial number of venders with products/services that are likely
affected. A small sample of these vendors can be found in the following link.
Disable scanning of RAR compressed files until the vulnerable code is fixed.
This vulnerability was discovered and researched by Alex Wheeler.
security () rem0te com
- Symantec Antivirus Library Remote Heap Overflows list (Dec 20)