xcdegasp
13-07-2007, 20:24
Secunia ha annunciato due ore fa' la scoperta di una gravissimo problema che affligge gli antivirus e suite della Symantec:
http://secunia.com/advisories/26053/
Description:
Two vulnerabilities have been reported in various Symantec products, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system.
1) A boundary error within the Symantec Decomposer component when handling CAB archives can be exploited to cause a heap corruption via a specially crafted CAB archive.
Successful exploitation may allow execution of arbitrary code.
2) An input validation error within the Symantec Decomposer component when handling RAR archives can be exploited to cause an infinite loop via a RAR archive with a specially crafted header containing a forged PACK_SIZE field.
Prodotti afflitti dalle due falle:
Symantec AntiVirus Corporate Edition 10.x
Symantec AntiVirus Corporate Edition 9.x
Symantec AntiVirus Corporate Edition for Linux
Symantec AntiVirus for Macintosh 10.x
Symantec AntiVirus for Network Attached Storage 4.x
Symantec AntiVirus Scan Engine 4.x
Symantec AntiVirus/Filtering for Domino 3.x
Symantec Brightmail AntiSpam 4.x
Symantec Brightmail AntiSpam 5.x
Symantec Brightmail AntiSpam 6.x
Symantec Client Security 2.x
Symantec Client Security 3.x
Symantec Mail Security for Domino 4.x
Symantec Mail Security for Domino 5.x
Symantec Mail Security for Exchange 4.x
Symantec Mail Security for Microsoft Exchange 5.x
Symantec Mail Security for Microsoft Exchange 6.x
Symantec Mail Security for SMTP 5.x
Symantec Norton AntiVirus 2004
Symantec Norton AntiVirus 2005
Symantec Norton AntiVirus 2006
Symantec Norton AntiVirus for Macintosh 10.x
Symantec Norton AntiVirus for Macintosh 9.x
Symantec Norton Internet Security 2004
Symantec Norton Internet Security 2004 Professional
Symantec Norton Internet Security 2005
Symantec Norton Internet Security 2006
Symantec Norton Internet Security for Macintosh 3.x
Symantec Norton Personal Firewall 2006
Symantec Norton SystemWorks 2004
Symantec Norton SystemWorks 2005
Symantec Norton SystemWorks 2006
Symantec Norton SystemWorks for Macintosh 3.x
Symantec Scan Engine 5.x
Symantec Web Security 3.x
Soluzione:
scaricare gli aggiornamenti il prima possibile!
http://secunia.com/advisories/26053/
Description:
Two vulnerabilities have been reported in various Symantec products, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system.
1) A boundary error within the Symantec Decomposer component when handling CAB archives can be exploited to cause a heap corruption via a specially crafted CAB archive.
Successful exploitation may allow execution of arbitrary code.
2) An input validation error within the Symantec Decomposer component when handling RAR archives can be exploited to cause an infinite loop via a RAR archive with a specially crafted header containing a forged PACK_SIZE field.
Prodotti afflitti dalle due falle:
Symantec AntiVirus Corporate Edition 10.x
Symantec AntiVirus Corporate Edition 9.x
Symantec AntiVirus Corporate Edition for Linux
Symantec AntiVirus for Macintosh 10.x
Symantec AntiVirus for Network Attached Storage 4.x
Symantec AntiVirus Scan Engine 4.x
Symantec AntiVirus/Filtering for Domino 3.x
Symantec Brightmail AntiSpam 4.x
Symantec Brightmail AntiSpam 5.x
Symantec Brightmail AntiSpam 6.x
Symantec Client Security 2.x
Symantec Client Security 3.x
Symantec Mail Security for Domino 4.x
Symantec Mail Security for Domino 5.x
Symantec Mail Security for Exchange 4.x
Symantec Mail Security for Microsoft Exchange 5.x
Symantec Mail Security for Microsoft Exchange 6.x
Symantec Mail Security for SMTP 5.x
Symantec Norton AntiVirus 2004
Symantec Norton AntiVirus 2005
Symantec Norton AntiVirus 2006
Symantec Norton AntiVirus for Macintosh 10.x
Symantec Norton AntiVirus for Macintosh 9.x
Symantec Norton Internet Security 2004
Symantec Norton Internet Security 2004 Professional
Symantec Norton Internet Security 2005
Symantec Norton Internet Security 2006
Symantec Norton Internet Security for Macintosh 3.x
Symantec Norton Personal Firewall 2006
Symantec Norton SystemWorks 2004
Symantec Norton SystemWorks 2005
Symantec Norton SystemWorks 2006
Symantec Norton SystemWorks for Macintosh 3.x
Symantec Scan Engine 5.x
Symantec Web Security 3.x
Soluzione:
scaricare gli aggiornamenti il prima possibile!