Symantec Multiple Products UPX Parsing Engine Buffer Overflow

ronjor · #1 February 9th, 2005, 08:47 AM

Quote:

The vulnerability is caused due to a boundary error in the DEC2EXE parsing engine used by the antivirus scanning functionality when processing UPX compressed files. This can be exploited to cause a heap-based buffer overflow via a specially crafted UPX file. Updates are available (see the vendor advisory for details)

Highly critical

Secunia

gerardwil · #2 February 9th, 2005, 12:48 PM

The vulnerable component fails to do proper bounds checks when analyzing certain container files for virus content. An attacker sending a specifically crafted UPX file could potentially compromise the targeted system.

(A lot) more info and fixes:
http://www.symantec.com/avcenter/sec...005.02.08.html

ronjor · #3 February 9th, 2005, 05:57 PM

Symantec Patches High-Risk Vulnerability

Quote:

In response, the Cupertino, Calif.-based company has discontinued use of the DEC2EXE engine, which is no longer required to parse compressed files. Symantec officials said the company had already deleted the vulnerable engine from the majority of its products and had planned to complete the removal from all affected product lines during upcoming maintenance updates.

eweek

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search