TITLE:
Symantec AntiVirus Products RAR Archive Virus Detection Bypass

SECUNIA ADVISORY ID:
SA15153

VERIFY ADVISORY:
http://secunia.com/advisories/15153/

CRITICAL:
Moderately critical

IMPACT:
Security Bypass

WHERE:
From remote

SOFTWARE:
Symantec Web Security 3.x
http://secunia.com/product/2813/
Symantec Norton SystemWorks 2005
http://secunia.com/product/4847/
Symantec Norton Internet Security 2005
http://secunia.com/product/4848/
Symantec Norton AntiVirus 2005
http://secunia.com/product/4009/
Symantec Mail Security for SMTP 4.x
http://secunia.com/product/3558/
Symantec Mail Security for Exchange 4.x
http://secunia.com/product/2820/
Symantec AntiVirus/Filtering for Domino 3.x
http://secunia.com/product/2029/
Symantec AntiVirus Scan Engine 4.x
http://secunia.com/product/3040/

DESCRIPTION:
André Jerleke has reported a vulnerability in various Symantec
AntiVirus products, which can be exploited by malware to bypass
certain scanning functionality.

The vulnerability is caused by an error in the Symantec Antivirus
component when processing encoded or archived content. This can be
exploited to crash the decomposer component when parsing a specially
crafted RAR file.

Successful exploitation causes malware inside the RAR file to bypass
the scanning functionality.

This vulnerability primarily poses a risk in environments where virus
scanning is performed only on gateway systems, as the malware is still
detected by the RealTime Virus Scan / Auto-Protect functionality when
extracted on systems running Symantec Antivirus.

Certain Windows builds of the following products are affected:
* Symantec Web Security
* Symantec Mail Security for SMTP
* Symantec AntiVirus Scan Engine
* Symantec SAV/Filter for Domino NT
* Symantec Mail Security for Exchange
* Symantec Norton AntiVirus 2005
* Symantec Norton Internet Security 2005
* Symantec Norton System Works 2005

NOTE: See the vendor advisory for a list of affected and fixed
versions.

SOLUTION:
Updates are available via LiveUpdate and from the Symantec Support
site.
http://www.symantec.com/techsupp/

PROVIDED AND/OR DISCOVERED BY:
André Jerleke

ORIGINAL ADVISORY:
Symantec:
http://securityresponse.symantec.com/avcenter/security/Content/2005.04.27.html
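
The failure mode described above (a scan component that crashes on an archive, so the content passes unscanned) is a fail-open condition at the gateway. The following is an added example, not Symantec or Secunia code: it contrasts a fail-open verdict with a fail-closed one. The scanner command, its exit codes (0 clean, 1 infected) and the file names are assumptions constructed for the illustration.

```python
import subprocess
import sys

CLEAN, INFECTED = 0, 1  # assumed exit codes of a hypothetical CLI scanner

# Constructed stand-in for a scan engine: "crashes" on one file name.
FAKE_SCANNER = [sys.executable, "-c", (
    "import os, sys\n"
    "name = sys.argv[1]\n"
    "if 'crash' in name: os.abort()      # simulated decomposer crash\n"
    "sys.exit(1 if 'eicar' in name else 0)\n"
)]

def _run(scan_cmd, path, timeout):
    """Run the scanner; return its exit code, or None if it hung or failed to start."""
    try:
        return subprocess.run([*scan_cmd, path], capture_output=True,
                              timeout=timeout).returncode
    except (subprocess.TimeoutExpired, OSError):
        return None

def fail_open_verdict(scan_cmd, path, timeout=30):
    """Weak policy: anything that is not an explicit detection is delivered."""
    return "block" if _run(scan_cmd, path, timeout) == INFECTED else "deliver"

def fail_closed_verdict(scan_cmd, path, timeout=30):
    """Hardened policy: only an explicit clean result is delivered."""
    code = _run(scan_cmd, path, timeout)
    if code == CLEAN:
        return "deliver"
    if code == INFECTED:
        return "block"
    return "quarantine"  # crash (signal/abort), engine error, hang or start failure

if __name__ == "__main__":
    for name in ("invoice.rar", "eicar.rar", "crash.rar"):  # constructed names
        print(name, fail_open_verdict(FAKE_SCANNER, name),
              fail_closed_verdict(FAKE_SCANNER, name))
```

Quarantined items can be released after a rescan with a fixed engine, which keeps the gateway from being the only layer that decides on an unscanned archive.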