Video Screencast Help

SEP 11 Critical Vulnerability - CVE-2012-4953

Created: 06 Nov 2012 | 8 comments

Is there any additional available about CVE-2012-4953? There is only the US-CERT announcment at I can't find any information here on Symantec's site. I'm looking to understand the vector and remediation options better. The current statement that there will be no fix for a critical vuln in the still supported (but EOL) SEP 11 is a serious concern.


Comments 8 CommentsJump to latest comment

ᗺrian's picture

I cannot find anything either.

Your best bet would be to call support to see what they have. Or perhaps if you can works with your SE on it, they may be able to get you something.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Simpson Homer's picture

Contact the Support..

Phone numbers to contact Tech Support:-

Regional Support Telephone Numbers:
United States: 800-342-0652 (407-357-7600 from outside the United States)
Australia: 1300 365510 (+61 2 8220 7111 from outside Australia)
United Kingdom: +44 (0) 870 606 6000

India: Toll-Free 000 800 4401 456 directly

IDD call: +61 2 8220 7111

Additional contact numbers:

Customer Care Contact Numbers for Licensing Issues:-

How to create a new case in MySupport

ScottSEP's picture

The SEP product team has received the vulnerability report (VU#985625) from CERT and we are actively working on a response that will include all affected versions of Symantec products as well as mitigation plans .  Please be assured that all versions of SEP 12.1 are unaffected by CERT VU#985625. We will provide an official advisory on Wednesday, November 7 PST.

Thank you for your patience until that time.

Scott Sawoya

SEP Product Management Team

Yahya's picture


Will there be a KB addressing this vulnerability?!

ScottSEP's picture

The official Symantec Security Advisory for the SEP Decomposer CAB File Issue (CERT VU#985625) has been posted.

The Security Advisory for CERT VU#985625 provides an overview, as well as technical details on this issue. The advisory also includes steps for mitigation.

The link can be found here:

Thank you for your patience.

Scott Sawoya

SEP Product Management Team

ScottSEP's picture

The official Symantec Security Advisory for the SEP Decomposer CAB File Issue (CERT VU#985625) has been updated and is now live at the link below.

Highlights of the changes in this update:

  • Clarification details on scripting the “Disable CAB file scanning” mitigation option
  • Additional mitigation option of “Disabling archive file scanning” via Antivirus policy from the SEP Manager with instructions
  • Addition of links to important KB articles

Thank you.

Scott Sawoya

SEP Product Management Team

ScottSEP's picture

We have released a Fix Tool for this issue that automates replacement of the decomposer engine for Symantec Endpoint Protection 11 RU5 to RU7 MP3.

The tool will update each RU5 to RU7 MP3 client to Decomposer version 1.2.8 and will need to be run on each client system. The SYM12-017 Symantec Legacy Decomposer CAB File Issues KB article has been updated with detailed instructions on the use of this tool. The tool can also be downloaded directly from the KB article, here:

Thank you for your continued patience on this issue.

Scott Sawoya

SEP Product Management

Mick2009's picture

Just adding new information that may be of interest:

About the LiveUpdate patch for Symantec Advisory SYM-12-017
Article:TECH200168   |  Created: 2012-11-27   |  Updated: 2012-11-28   | 
Article URL

With thanks and best regards,