TITLE:
Symantec AntiVirus RAR Archive Decompression Buffer Overflow

SECUNIA ADVISORY ID:
SA18131

VERIFY ADVISORY:
http://secunia.com/advisories/18131/

CRITICAL:
Highly critical

IMPACT:
System access

WHERE:
From remote

SOFTWARE:
Symantec AntiVirus Corporate Edition 10.x
http://secunia.com/product/5555/
Symantec AntiVirus Corporate Edition 8.x
http://secunia.com/product/659/
Symantec AntiVirus Corporate Edition 9.x
http://secunia.com/product/3549/
Symantec AntiVirus for Caching 4.x
http://secunia.com/product/4626/
Symantec AntiVirus for Network Attached Storage 4.x
http://secunia.com/product/4625/
Symantec AntiVirus for SMTP Gateways 3.x
http://secunia.com/product/2231/
Symantec AntiVirus Scan Engine 4.x
http://secunia.com/product/3040/
Symantec AntiVirus/Filtering for Domino 3.x
http://secunia.com/product/2029/
Symantec Brightmail AntiSpam 4.x
http://secunia.com/product/4627/
Symantec Brightmail AntiSpam 5.x
http://secunia.com/product/4628/
Symantec Brightmail AntiSpam 6.x
http://secunia.com/product/3656/
Symantec Client Security 1.x
http://secunia.com/product/2344/
Symantec Client Security 2.x
http://secunia.com/product/3478/
Symantec Mail Security for Domino 4.x
http://secunia.com/product/4624/
Symantec Mail Security for Exchange 4.x
http://secunia.com/product/2820/
Symantec Mail Security for SMTP 4.x
http://secunia.com/product/3558/
Symantec Norton AntiVirus 2001
http://secunia.com/product/221/
Symantec Norton AntiVirus 2002
http://secunia.com/product/846/
Symantec Norton AntiVirus 2003
http://secunia.com/product/175/
Symantec Norton AntiVirus 2004
http://secunia.com/product/2800/
Symantec Norton AntiVirus 2005
http://secunia.com/product/4009/
Symantec Norton AntiVirus 5
http://secunia.com/product/848/
Symantec Norton AntiVirus 5.0 for OS/2
http://secunia.com/product/172/
Symantec Norton AntiVirus Corporate Edition 7.x
http://secunia.com/product/643/
Symantec Norton AntiVirus for Macintosh 10.x
http://secunia.com/product/5949/
Symantec Norton AntiVirus for Macintosh 9.x
http://secunia.com/product/5948/
Symantec Norton AntiVirus for Microsoft Exchange 2.x
http://secunia.com/product/1017/
Symantec Norton AntiVirus for Microsoft Exchange 3.x
http://secunia.com/product/1018/
Symantec Norton AntiVirus Solution 7.5
http://secunia.com/product/173/
Symantec Norton Internet Security 2001
http://secunia.com/product/2802/
Symantec Norton Internet Security 2002
http://secunia.com/product/2801/
Symantec Norton Internet Security 2003
http://secunia.com/product/969/
Symantec Norton Internet Security 2003 Professional
http://secunia.com/product/970/
Symantec Norton Internet Security 2004
http://secunia.com/product/2441/
Symantec Norton Internet Security 2004 Professional
http://secunia.com/product/2442/
Symantec Norton Internet Security 2005
http://secunia.com/product/4848/
Symantec Norton Internet Security for Macintosh 3.x
http://secunia.com/product/5951/
Symantec Web Security 2.x
http://secunia.com/product/2812/
Symantec Web Security 3.x
http://secunia.com/product/2813/

DESCRIPTION:
Alex Wheeler has reported a vulnerability in Symantec AntiVirus, which potentially can be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to a boundary error in Dec2Rar.dll when copying data based on the length field in the sub-block headers of a RAR archive. This can be exploited to cause a heap-based buffer overflow and may allow arbitrary code execution when a malicious RAR archive is scanned.

The vulnerability has been reported in Dec2Rar.dll version 3.2.14.3 and potentially affects all Symantec products that use the DLL.

SOLUTION:
Filter RAR archives at email or proxy gateways.

PROVIDED AND/OR DISCOVERED BY:
Alex Wheeler

ORIGINAL ADVISORY:
http://www.rem0te.com/public/images/symc2.pdf
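
ADDED EXAMPLE:
The class of boundary error named under DESCRIPTION, shown from the defensive side: a copy loop that validates each length field before using it. This is an added illustration, not Symantec or Secunia code; the sub-block layout, the function name copy_sub_blocks and the sample inputs are assumptions made for the example and do not reproduce the real RAR format.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical sub-block layout, for illustration only (not the real RAR
 * format, not Dec2Rar.dll code): 1-byte type, 2-byte little-endian length,
 * then `length` bytes of data. */
#define SUB_HDR_SIZE 3

/* Constructed sample inputs. */
static const uint8_t SAMPLE_OK[] = {1, 3, 0, 'a', 'b', 'c', 2, 2, 0, 'd', 'e'};
static const uint8_t SAMPLE_OVERSIZE[19] = {1, 16, 0}; /* 16 zeroed data bytes */
static const uint8_t SAMPLE_TRUNC[] = {1, 0xff, 0xff, 'x'}; /* claims 65535 */
static uint8_t g_out[8]; /* fixed-capacity destination */

/* Copy the data of every sub-block in `in` to `out`. Returns the number of
 * bytes copied, or -1 if a declared length is not backed by the input or
 * does not fit in the destination. */
long copy_sub_blocks(const uint8_t *in, size_t in_len,
                     uint8_t *out, size_t out_cap)
{
    size_t pos = 0, used = 0;
    while (pos < in_len) {
        if (in_len - pos < SUB_HDR_SIZE)   /* header must be complete */
            return -1;
        size_t len = (size_t)in[pos + 1] | ((size_t)in[pos + 2] << 8);
        pos += SUB_HDR_SIZE;
        /* Check 1: declared length vs. bytes really left in the input. */
        if (len > in_len - pos)
            return -1;
        /* Check 2: declared length vs. room left in the destination.
         * Written as a subtraction so the comparison cannot wrap. */
        if (len > out_cap - used)
            return -1;
        memcpy(out + used, in + pos, len);
        used += len;
        pos += len;
    }
    return (long)used;
}

int main(void)
{
    printf("%ld %ld %ld\n",
           copy_sub_blocks(SAMPLE_OK, sizeof SAMPLE_OK, g_out, sizeof g_out),
           copy_sub_blocks(SAMPLE_OVERSIZE, sizeof SAMPLE_OVERSIZE, g_out, sizeof g_out),
           copy_sub_blocks(SAMPLE_TRUNC, sizeof SAMPLE_TRUNC, g_out, sizeof g_out));
    return 0;
}
```

A copy that trusts the length field without the second check writes past the destination whenever the archive declares more data than the buffer holds, which is why the parser has to reject the input rather than truncate silently.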