SYM11-007 Security Advisories Relating to Symantec Products - Multi-Vendor Autonomy Verity Keyview PRZ Reader Filter Overflow

Article:TECH161387  |  Created: 2011-06-01  |  Updated: 2013-10-22  |  Article URL http://www.symantec.com/docs/TECH161387
Article Type
Technical Solution

Product(s)

Issue



Symantec was notified of a buffer overflow vulnerability identified in the Lotus Freelance Graphics PRZ file Viewer contained in Autonomy’s Verity KeyView Filter shipped and installed with the identified Symantec products.  This vulnerability can potentially be targeted during the content filtering process run against incoming specifically formatted files.  Attempted exploitation results, depending on the product involved in the processing, range from no impact to a crash of the child process with negligible impact, an application crash or, in specific instances, potentially an elevated privilege compromise of the targeted application.


Environment



Affected Products

Product
Version
Build
Solution(s)
Symantec Mail Security for Microsoft Exchange
6.x
All
SMSMSE 6.5.5
Or SMSMSE 6.0.12
Symantec Mail Security for Domino
8.x
All
SMSDOM 8.0.8
Symantec Mail Security for Domino
7.5.x
All
SMSDOM 8.0.8
Or SMSDOM 7.5.11
Symantec Brightmail and Messaging Gateway
9.5 and earlier
All
 
Symantec Messaging Gateway 9.5.1
Symantec Data Loss Prevention Enforce/Detection Servers for Windows
10.x and earlier
All
Update to Symantec DLP 10.5 and apply
Symantec_DLP_10.5.3_ReleaseUpdate_Win-IN.zip
 
Symantec Data Loss Prevention Enforce/Detection Servers for Linux
10.x and earlier
All
Update to Symantec DLP 10.5 and apply
Symantec_DLP_10.5.3_ReleaseUpdate_Lin-IN.zip
 
Symantec Data Loss Prevention Endpoint Agents
10.x and earlier
All
Update to Symantec DLP 10.5 Agent and apply
Symantec_DLP_10.5.3_Agent_Win-IN.zip
 
Symantec Data Loss Prevention Enforce/Detection Servers for Windows
11.x
All
Update to Symantec DLP 11.1
 
Symantec Data Loss Prevention Enforce/Detection Servers for Linux
11.x
All
Update to Symantec DLP 11.1
 
Symantec Data Loss Prevention Endpoint Agents
11.x
All
Update to Symantec DLP 11.1
 


Solution



For a detailed description of this vulnerability and the most recent remediation steps, please see the full Advisory posted here:

http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2011&suid=20110531_00




Article URL http://www.symantec.com/docs/TECH161387


Terms of use for this information are found in Legal Notices