ID: 3267
Date: 24 July 2007 10:27
Title: Symantec Security Advisory - AntiVirus Malformed RAR and CAB Compression Type Bypass
Abstract: Two vulnerabilities have been identified in the Symantec Decomposer component used to decompose some types of archive content while scanning for malicious content.
Vendors affected: Symantec
Two vulnerabilities have been identified in the Symantec Decomposer component
used to decompose some types of archive content while scanning for malicious
content.
Details
The first vulnerability is related to the decomposition of RAR files.
Modifying the RAR file header in a specific way causes the decomposer to
enter an infinite loop, resulting in a Denial of Service.
The second vulnerability is related to the decomposition of CAB files. The
Symantec Decomposer fails to perform proper bounds checks when copying from
the CAB archive. This may result in arbitrary code execution on the
vulnerable system.
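The advisory does not say which header fields are involved, so the added example below (not Symantec's code, and neither the RAR nor the CAB format) uses a constructed length-prefixed container to show the two checks whose absence gives the bug classes described above: a forward-progress check in the block-walking loop and a bounds check before each copy. The block layout, `scan_blocks` and the status codes are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed container (assumption, not RAR or CAB). Each block is:
 * [u16 LE block size incl. header][u16 LE payload length][payload bytes] */
#define HDR_LEN    4u
#define MAX_BLOCKS 1024u
enum { SCAN_OK = 0, SCAN_TRUNCATED = -1, SCAN_NO_PROGRESS = -2,
       SCAN_BAD_LENGTH = -3, SCAN_OUT_FULL = -4, SCAN_TOO_MANY = -5 };

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/* Walks every block in buf and appends each payload to out (capacity out_cap). */
int scan_blocks(const uint8_t *buf, size_t len,
                uint8_t *out, size_t out_cap, size_t *out_len)
{
    size_t off = 0, written = 0, blocks = 0;
    while (off < len) {
        if (len - off < HDR_LEN) return SCAN_TRUNCATED;
        size_t block_size = rd16(buf + off);
        size_t payload = rd16(buf + off + 2);
        /* Forward progress: a declared size below the header size (0 included)
         * would leave off unchanged or re-read header bytes, looping forever. */
        if (block_size < HDR_LEN) return SCAN_NO_PROGRESS;
        if (block_size > len - off) return SCAN_TRUNCATED;
        /* Bound the copy by the block (source) and by the space left (destination). */
        if (payload > block_size - HDR_LEN) return SCAN_BAD_LENGTH;
        if (payload > out_cap - written) return SCAN_OUT_FULL;
        /* Cap total work even when every individual block is well formed. */
        if (++blocks > MAX_BLOCKS) return SCAN_TOO_MANY;
        memcpy(out + written, buf + off + HDR_LEN, payload);
        written += payload;
        off += block_size;
    }
    *out_len = written;
    return SCAN_OK;
}

int main(void)
{
    /* Constructed inputs: two valid blocks, then a block declaring size 0. */
    const uint8_t good[]  = {7,0,3,0,'a','b','c', 6,0,2,0,'d','e'};
    const uint8_t stuck[] = {0,0,0,0};
    uint8_t out[8]; size_t n = 0;
    printf("good:  %d\n", scan_blocks(good, sizeof good, out, sizeof out, &n));
    printf("stuck: %d\n", scan_blocks(stuck, sizeof stuck, out, sizeof out, &n));
    return 0;
}
```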
NOTE:
Only currently supported Symantec Products will be updated. Customers using
unsupported versions are encouraged to upgrade to a supported version.
Symantec response
Symantec engineers have verified and corrected these issues in all currently
supported products. Updates are available for supported products. Symantec
recommends customers apply the latest product update available for their
supported product versions to enhance their security posture and protect
against potential security threats of this nature.
Full details are available from the following URL:
http://www.symantec.com/avcenter/security/Content/2007.07.11f.html
___________________________________________________________________________
CPNI wishes to acknowledge the contributions of Symantec
for the information contained in this advisory.
This advisory contains information released by the original author. Some of the information may have changed since it was released. If the issue affects you, it may be prudent to retrieve the advisory from the site of the original source to ensure that you receive the most current information concerning that problem. Reference to any specific commercial product, process, or service by trade name, trademark, manufacturer, or otherwise, does not constitute or imply its endorsement, recommendation, or favouring by CPNI.
The views and opinions of authors expressed within this notice shall not be used for advertising or product endorsement purposes. CPNI shall not accept responsibility for any errors or omissions contained within this advisory. In particular, they shall not be liable for any loss or damage whatsoever, arising from or in connection with the usage of information contained within this advisory.
CSIRTUK is a member of the Forum of Incident Response and Security Teams (FIRST) and has contacts with other international Incident Response Teams (IRTs) in order to foster cooperation and coordination in incident prevention, to prompt rapid reaction to incidents, and to promote information sharing amongst its members and the community at large.