Symantec Multiple Products UPX Parsing Engine Buffer Overflow

SS X-Force has reported a vulnerability in multiple Symantec products, which can be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to a boundary error in the DEC2EXE parsing engine used by the antivirus scanning functionality when processing UPX compressed files. This can be exploited to cause a heap-based buffer overflow via a specially crafted UPX file.

http://secunia.com/advisories/14179/

Mariusz
stormbyte.com

 

Or to any of many other worthy AV's Possibly.

But I am sure that Symantec will have a fix for this soon. In fact they already have by the post that Ronjor has shown above!!!!!!

Too early to jump ship yet, particularly when your new version has only just come out! ArcaVir has had no time to settle down yet

Mks-Vir/ArcaVir can stand on its own two legs without (constant) plugging of switching to this AV because of shortcomings/vulnerabilities in other AV programs.

No disrespect, Mariusz, you have a good product.

 

The funny part is, Symantec added a heuristic detection to catch files that contain this exploit (beside updating their scan engine).

 

Problem with Norton - there are milions of outdated copies out there. Many of them are just trial versions that expired. People using them will think that they are protected.

mks_vir has been around for more then 17 years. Program was designed for polish market only but still..

Sorry but as far as I remember this was my first post about vulnerabilities in other AV programs. Please correct me if I'm wrong.

Mariusz

www.stormbyte.com