Symantec Multiple Products UPX Parsing Engine Buffer Overflow

Discussion in 'other anti-virus software' started by stormbyte, Feb 10, 2005.

Thread Status:
Not open for further replies.
  1. stormbyte
    Offline

    stormbyte AV Expert

    SS X-Force has reported a vulnerability in multiple Symantec products, which can be exploited by malicious people to compromise a vulnerable system.

    The vulnerability is caused due to a boundary error in the DEC2EXE parsing engine used by the antivirus scanning functionality when processing UPX compressed files. This can be exploited to cause a heap-based buffer overflow via a specially crafted UPX file.

    http://secunia.com/advisories/14179/

    Mariusz
    stormbyte.com
  2. ronjor
    Online

    ronjor Global Moderator

  3. Blackcat
    Offline

    Blackcat Registered Member

    Or to any of many other worthy AV's ;) Possibly.

    But I am sure that Symantec will have a fix for this soon. In fact they already have by the post that Ronjor has shown above!!!!!!

    Too early to jump ship yet, particularly when your new version has only just come out! ArcaVir has had no time to settle down yet ;)

    Mks-Vir/ArcaVir can stand on its own two legs without (constant) plugging of switching to this AV because of shortcomings/vulnerabilities in other AV programs.

    No disrespect, Mariusz, you have a good product.
    Last edited: Feb 10, 2005
  4. ronjor
    Online

    ronjor Global Moderator

    Symantec Patches High-Risk Vulnerability


  5. Stefan Kurtzhals
    Offline

    Stefan Kurtzhals AV Expert

    The funny part is, Symantec added a heuristic detection to catch files that contain this exploit (beside updating their scan engine).
  6. stormbyte
    Offline

    stormbyte AV Expert

    Problem with Norton - there are milions of outdated copies out there. Many of them are just trial versions that expired. People using them will think that they are protected.

    mks_vir has been around for more then 17 years. Program was designed for polish market only but still..

    Sorry but as far as I remember this was my first post about vulnerabilities in other AV programs. Please correct me if I'm wrong.

    Mariusz

    www.stormbyte.com
    Last edited: Feb 11, 2005
Thread Status:
Not open for further replies.