ID

VAR-200710-0007

CVE

CVE-2007-0447

TITLE

Symantec Product Decomposer Component heap-based buffer overflow vulnerability

DESCRIPTION

Heap-based buffer overflow in the Decomposer component in multiple Symantec products allows remote attackers to execute arbitrary code via multiple crafted CAB archives. User interaction is not required to exploit this vulnerability.The specific flaw exists during the process of scanning multiple maliciously formatted CAB archives. The parsing routine implicitly trusts certain user-supplied values that can result in an exploitable heap corruption. These issues include a denial-of-service vulnerability and a buffer-overflow vulnerability. Symantec AntiVirus is a very popular antivirus solution. ---------------------------------------------------------------------- Try a new way to discover vulnerabilities that ALREADY EXIST in your IT infrastructure. The Full Featured Secunia Network Software Inspector (NSI) is now available: http://secunia.com/network_software_inspector/ The Secunia NSI enables you to INSPECT, DISCOVER, and DOCUMENT vulnerabilities in more than 4,000 different Windows applications. ---------------------------------------------------------------------- TITLE: Symantec Products CAB and RAR Archive Handling Vulnerabilities SECUNIA ADVISORY ID: SA26053 VERIFY ADVISORY: http://secunia.com/advisories/26053/ CRITICAL: Highly critical IMPACT: DoS, System access WHERE: >From remote OPERATING SYSTEM: Symantec Gateway Security 5400 Series 2.x http://secunia.com/product/6633/ Symantec Gateway Security 5000 Series 3.x http://secunia.com/product/6648/ SOFTWARE: Symantec Web Security 3.x http://secunia.com/product/2813/ Symantec Scan Engine 5.x http://secunia.com/product/6651/ Symantec Mail Security for SMTP 5.x http://secunia.com/product/13591/ Symantec Mail Security for Microsoft Exchange 6.x http://secunia.com/product/14765/ Symantec Mail Security for Microsoft Exchange 5.x http://secunia.com/product/6650/ Symantec Mail Security for Exchange 4.x http://secunia.com/product/2820/ Symantec Mail Security for Domino 5.x http://secunia.com/product/11179/ Symantec Mail Security for Domino 4.x http://secunia.com/product/4624/ Symantec Client Security 3.x http://secunia.com/product/6649/ Symantec Client Security 2.x http://secunia.com/product/3478/ Symantec Brightmail AntiSpam 6.x http://secunia.com/product/3656/ Symantec Brightmail AntiSpam 5.x http://secunia.com/product/4628/ Symantec Brightmail AntiSpam 4.x http://secunia.com/product/4627/ Symantec AntiVirus/Filtering for Domino 3.x http://secunia.com/product/2029/ Symantec AntiVirus Scan Engine 4.x http://secunia.com/product/3040/ Symantec AntiVirus for Network Attached Storage 4.x http://secunia.com/product/4625/ Symantec AntiVirus for Macintosh 10.x http://secunia.com/product/14768/ Symantec AntiVirus Corporate Edition for Linux http://secunia.com/product/14767/ Symantec AntiVirus Corporate Edition 9.x http://secunia.com/product/3549/ Symantec AntiVirus Corporate Edition 10.x http://secunia.com/product/5555/ Symantec Norton AntiVirus 2004 http://secunia.com/product/2800/ Symantec Norton AntiVirus 2005 http://secunia.com/product/4009/ Symantec Norton AntiVirus 2006 http://secunia.com/product/6634/ Symantec Norton Internet Security 2004 http://secunia.com/product/2441/ Symantec Norton Internet Security 2004 Professional http://secunia.com/product/2442/ Symantec Norton Internet Security 2005 http://secunia.com/product/4848/ Symantec Norton Internet Security 2006 http://secunia.com/product/6635/ Symantec Norton SystemWorks 2004 http://secunia.com/product/2796/ Symantec Norton SystemWorks 2005 http://secunia.com/product/4847/ Symantec Norton SystemWorks 2006 http://secunia.com/product/6636/ Symantec Norton Personal Firewall 2006 http://secunia.com/product/6638/ Symantec Norton AntiVirus for Macintosh 9.x http://secunia.com/product/5948/ Symantec Norton AntiVirus for Macintosh 10.x http://secunia.com/product/5949/ Symantec Norton Internet Security for Macintosh 3.x http://secunia.com/product/5951/ Symantec Norton SystemWorks for Macintosh 3.x http://secunia.com/product/5952/ DESCRIPTION: Two vulnerabilities have been reported in various Symantec products, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system. The vulnerabilities are reported in the following products and versions: * Symantec Mail Security 8200 (all builds) * Symantec Mail Security for Microsoft Exchange versions 4.6.3 and prior, 5.0.0.204, and 6.0.0 (all builds) * Symantec Mail Security for Domino NT versions 4.1.4 and prior and 5.0.0.47 (all builds) * Symantec AntiVirus/Filtering for Domino MPE(AIX, Linux, Solaris) versions 3.0.12 and prior (all builds) * Symantec Scan Engine version 5.0.1 and prior (all builds) * Symantec AntiVirus Scan Engine versions 4.1.8 and prior and 4.3.12 and prior (all builds) * Symantec AntiVirus Scan Engine for MS ISA versions 4.3.12 and prior (all builds) * Symantec AntiVirus Scan Engine for MS Sharepoint versions 4.3.12 and prior (all builds) * Symantec AntiVirus Scan Engine for Messaging versions 4.3.12 and prior (all builds) * Symantec AntiVirus for Network Attached Storage versions 4.3.12 and prior (all builds) * Symantec AntiVirus Scan Engine for Clearswift versions 4.3.12 and prior (all builds) * Symantec AntiVirus Scan Engine for Caching versions 4.3.12 and prior (all builds) * Symantec Client Security versions 3.0, 3.x, and 2.x (all builds) * Symantec Web Security versions 3.0.1.76 and prior (all builds) * Symantec Gateway Security 5000 Series version 3.01 (all builds) * Symantec Gateway Security 5400 Series version 2.0.1 (all builds) * Symantec Brightmail AntiSpam versions 6.0.x, 5.5, and 4.x (all builds) * Symantec AntiVirus Corporate Edition versions 10.1, 10.0, and 9.0 (10.1.5.5000 and prior and 9.0.6.1000 and prior) * Symantec AntiVirus Corperate Edition for Linux * Symantec AntiVirus for Macintosh version 10.x (all builds) * Symantec Web Security for Microsoft ISA 2004 version 5.0 (all builds) * Symantec Mail Security for SMTP version 5.0.0 (Windows/Linux/Solaris) and 5.0.1 (all builds) * Norton AntiVirus 2004/2005/2006 * Norton Internet Security 2004/2005/2005.5 AntiSpyware Edition/2006 * Norton SystemWorks 2004/2005/2006 * Norton Personal Firewall 2006 * Norton AntiVirus for Macintosh versions 9.x and 10.x * Norton Internet Security for Macintosh version 3.x * Norton SystemWorks for Macintosh version 3.x SOLUTION: Apply updates or run LiveUpdate. Please see the vendor's advisory for details. ORIGINAL ADVISORY: Symantec: http://securityresponse.symantec.com/avcenter/security/Content/2007.07.11f.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . ZDI-07-040: Symantec AntiVirus Engine CAB Parsing Heap Overflow Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-07-040.html July 12, 2007 -- CVE ID: CVE-2007-0447 -- Affected Vendor: Symantec -- Affected Products: Symantec AntiVirus Engine -- TippingPoint(TM) IPS Customer Protection: TippingPoint IPS customers have been protected against this vulnerability since November 30, 2006 by Digital Vaccine protection filter ID 4875. -- Vendor Response: Symantec has issued an update to correct this vulnerability. More details can be found at: http://www.symantec.com/avcenter/security/Content/2007.07.11f.html -- Disclosure Timeline: 2006.11.09 - Vulnerability reported to vendor 2006.11.30 - Digital Vaccine released to TippingPoint customers 2007.07.12 - Coordinated public release of advisory -- Credit: This vulnerability was discovered by an anonymous researcher. -- About the Zero Day Initiative (ZDI): Established by TippingPoint, a division of 3Com, The Zero Day Initiative (ZDI) represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities. Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at: http://www.zerodayinitiative.com The ZDI is unique in how the acquired vulnerability information is used. 3Com does not re-sell the vulnerability details or any exploit code. Instead, upon notifying the affected product vendor, 3Com provides its customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. Furthermore, with the altruistic aim of helping to secure a broader user base, 3Com provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product. CONFIDENTIALITY NOTICE: This e-mail message, including any attachments, is being sent by 3Com for the sole use of the intended recipient(s) and may contain confidential, proprietary and/or privileged information. Any unauthorized review, use, disclosure and/or distribution by any recipient is prohibited. If you are not the intended recipient, please delete and/or destroy all copies of this message regardless of form and any included attachments and notify 3Com immediately by contacting the sender via reply e-mail or forwarding to 3Com at postmaster@3com.com

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

THREAT TYPE

remote

TYPE

buffer overflow

CONFIGURATIONS

EXPLOIT AVAILABILITY

PATCH

EXTERNAL IDS

REFERENCES

CREDITS

Anonymous

SOURCES

LAST UPDATE DATE

2024-11-23T22:24:06.591000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE