Update - Symantec RAR File Parser Remote Heap Overflow

Published: 2005-12-23
Last Updated: 2005-12-23 12:01:29 UTC
by Patrick Nolan (Version: 1)
0 comment(s)
 ISS X-Force's Symantec RAR File Parser Remote Heap Overflow analysis says "The likelihood of this vulnerability being leveraged by a worm is low as successful exploitation requires a very large RAR file, in the area of 35-40MB. Files this large are not generally passed by mail servers and can eliminate this as a vector for a worm. X-Force believes this is still a serious threat since the vulnerability can be leveraged to exploit AV mail gateways. Desktops which employ the on-demand scanning function could also be exploited without user intervention when scanning files downloaded by FTP or HTTP on the desktop."

Thank you for the information X-Force!

Symantec's announcement -
SYM05-027, December 21, 2005, Symantec AntiVirus Decomposition Buffer Overflow
0 comment(s)


Diary Archives