Symantec Multiple Products UPX Parsing Engine Buffer Overflow

Discussion in 'other anti-virus software' started by stormbyte, Feb 10, 2005.

Thread Status:
Not open for further replies.
  1. stormbyte

    stormbyte AV Expert

    Joined:
    Jul 9, 2004
    Posts:
    97
    ISS X-Force has reported a vulnerability in multiple Symantec products, which can be exploited by malicious people to compromise a vulnerable system.

    The vulnerability is caused due to a boundary error in the DEC2EXE parsing engine used by the antivirus scanning functionality when processing UPX compressed files. This can be exploited to cause a heap-based buffer overflow via a specially crafted UPX file.

    http://secunia.com/advisories/14179/

    Mariusz
    stormbyte.com
     
  2. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    53,211
    Location:
    Texas
  3. Blackcat

    Blackcat Registered Member

    Joined:
    Nov 22, 2002
    Posts:
    3,946
    Location:
    Christchurch, UK
    Or to any of many other worthy AV's ;) Possibly.

    But I am sure that Symantec will have a fix for this soon. In fact they already have by the post that Ronjor has shown above!!!!!!

    Too early to jump ship yet, particularly when your new version has only just come out! ArcaVir has had no time to settle down yet ;)

    Mks-Vir/ArcaVir can stand on its own two legs without (constant) plugging of switching to this AV because of shortcomings/vulnerabilities in other AV programs.

    No disrespect, Mariusz, you have a good product.
     
    Last edited: Feb 10, 2005
  4. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    53,211
    Location:
    Texas
    Symantec Patches High-Risk Vulnerability


     
  5. Stefan Kurtzhals

    Stefan Kurtzhals AV Expert

    Joined:
    Sep 30, 2003
    Posts:
    699
    The funny part is, Symantec added a heuristic detection to catch files that contain this exploit (beside updating their scan engine).
     
  6. stormbyte

    stormbyte AV Expert

    Joined:
    Jul 9, 2004
    Posts:
    97
    Problem with Norton - there are millions of outdated copies out there. Many of them are just trial versions that expired. People using them will think that they are protected.

    mks_vir has been around for more than 17 years. Program was designed for Polish market only but still..

    Sorry but as far as I remember this was my first post about vulnerabilities in other AV programs. Please correct me if I'm wrong.

    Mariusz

    www.stormbyte.com
     
    Last edited: Feb 11, 2005