Symantec Multiple Products UPX Parsing Engine Buffer Overflow

ronjor · Feb 9, 2005

The vulnerability is caused due to a boundary error in the DEC2EXE parsing engine used by the antivirus scanning functionality when processing UPX compressed files. This can be exploited to cause a heap-based buffer overflow via a specially crafted UPX file. Updates are available (see the vendor advisory for details)
Click to expand...

Highly critical

Secunia

gerardwil · Feb 9, 2005

Symantec UPX Parsing Engine Heap Overflow

The vulnerable component fails to do proper bounds checks when analyzing certain container files for virus content. An attacker sending a specifically crafted UPX file could potentially compromise the targeted system.

(A lot) more info and fixes:
http://www.symantec.com/avcenter/security/Content/2005.02.08.html

ronjor · Feb 9, 2005

Symantec Patches High-Risk Vulnerability

In response, the Cupertino, Calif.-based company has discontinued use of the DEC2EXE engine, which is no longer required to parse compressed files. Symantec officials said the company had already deleted the vulnerable engine from the majority of its products and had planned to complete the removal from all affected product lines during upcoming maintenance updates.
Click to expand...

eweek

Log in or Sign up

Symantec Multiple Products UPX Parsing Engine Buffer Overflow

ronjor Global Moderator

gerardwil Registered Member

ronjor Global Moderator

Log in or Sign up

Symantec Multiple Products UPX Parsing Engine Buffer Overflow

ronjor Global Moderator

gerardwil Registered Member

ronjor Global Moderator

Useful Searches