Symantec AntiVirus Malformed CAB and RAR Compression Remote Vulnerabilities

Risk

High

Date Discovered

July 11, 2007

Description

Symantec AntiVirus products that include the Symantec Decomposer are prone to multiple remote vulnerabilities related to the handling of CAB and RAR archives. These issues include a denial-of-service vulnerability and a buffer-overflow vulnerability. Successfully exploiting these issues allows remote attackers to execute arbitrary machine code with SYSTEM-level privileges or to cause the affected application to enter an infinite loop, resulting in a denial-of-service condition.

Technologies Affected

  • Symantec AntiVirus Corporate Edition 10.0.0
  • Symantec AntiVirus Corporate Edition 10.0.0.359
  • Symantec AntiVirus Corporate Edition 10.0.1.1000
  • Symantec AntiVirus Corporate Edition 10.0.1.1007
  • Symantec AntiVirus Corporate Edition 10.0.1.1008
  • Symantec AntiVirus Corporate Edition 10.0.2 .2001
  • Symantec AntiVirus Corporate Edition 10.0.2 .2010
  • Symantec AntiVirus Corporate Edition 10.0.2.2000
  • Symantec AntiVirus Corporate Edition 10.0.2.2002
  • Symantec AntiVirus Corporate Edition 10.0.2.2010
  • Symantec AntiVirus Corporate Edition 10.0.2.2011
  • Symantec AntiVirus Corporate Edition 10.0.2.2020
  • Symantec AntiVirus Corporate Edition 10.0.2.2021
  • Symantec AntiVirus Corporate Edition 10.1
  • Symantec AntiVirus Corporate Edition 10.1.0.394
  • Symantec AntiVirus Corporate Edition 10.1.0.396
  • Symantec AntiVirus Corporate Edition 10.1.0.400
  • Symantec AntiVirus Corporate Edition 10.1.0.401
  • Symantec AntiVirus Corporate Edition 10.1.4
  • Symantec AntiVirus Corporate Edition 10.1.4 MR4 MP1 - build 4010
  • Symantec AntiVirus Corporate Edition 10.1.4.4010
  • Symantec AntiVirus Corporate Edition 9.0.0
  • Symantec AntiVirus Corporate Edition 9.0.0 .0.338
  • Symantec AntiVirus Corporate Edition 9.0.1 .1.1000
  • Symantec AntiVirus Corporate Edition 9.0.2 .1000
  • Symantec AntiVirus Corporate Edition 9.0.3 .1000
  • Symantec AntiVirus Corporate Edition 9.0.4
  • Symantec AntiVirus Corporate Edition 9.0.4 MR4 build 1000
  • Symantec AntiVirus Corporate Edition 9.0.5
  • Symantec AntiVirus Corporate Edition 9.0.5.1100
  • Symantec AntiVirus Corporate Edition 9.0.6.1000
  • Symantec AntiVirus Corporate Edition for Linux
  • Symantec AntiVirus Scan Engine 4.0.0
  • Symantec AntiVirus Scan Engine 4.1.0
  • Symantec AntiVirus Scan Engine 4.1.8
  • Symantec AntiVirus Scan Engine 4.3.0
  • Symantec AntiVirus Scan Engine 4.3.0 build 4.3.3
  • Symantec AntiVirus Scan Engine 4.3.0 build 4.3.7.27
  • Symantec AntiVirus Scan Engine 4.3.0 build 4.3.8.29
  • Symantec AntiVirus Scan Engine 4.3.12
  • Symantec AntiVirus Scan Engine 4.3.3
  • Symantec AntiVirus Scan Engine 5.0
  • Symantec AntiVirus Scan Engine 5.0.1
  • Symantec AntiVirus Scan Engine for Caching 4.3.0
  • Symantec AntiVirus Scan Engine for Caching 4.3.12
  • Symantec AntiVirus Scan Engine for Clearswift 4.0.0
  • Symantec AntiVirus Scan Engine for Clearswift 4.3.0
  • Symantec AntiVirus Scan Engine for Clearswift 4.3.12
  • Symantec AntiVirus Scan Engine for Messaging 4.3.12
  • Symantec AntiVirus Scan Engine for Microsoft SharePoint 4.3.0
  • Symantec AntiVirus Scan Engine for Microsoft SharePoint 4.3.12
  • Symantec AntiVirus Scan Engine for Network Attached Storage 4.3.0
  • Symantec AntiVirus Scan Engine for Network Attached Storage 4.3.12
  • Symantec AntiVirus for Macintosh 10.0.0
  • Symantec AntiVirus/Filtering for Domino MPE 3.0.12
  • Symantec Brightmail Anti-Spam 4.0.0
  • Symantec Brightmail Anti-Spam 5.5.0
  • Symantec Brightmail Anti-Spam 6.0.0
  • Symantec Brightmail Anti-Spam 6.0.1
  • Symantec Brightmail Anti-Spam 6.0.2
  • Symantec Brightmail Anti-Spam 6.0.3
  • Symantec Brightmail Anti-Spam 6.0.4
  • Symantec Client Security 2.0.0
  • Symantec Client Security 2.0.0 (SCF 7.1)
  • Symantec Client Security 2.0.0 STM build 9.0.0.338
  • Symantec Client Security 2.0.1 MR1 b9.0.1.1000
  • Symantec Client Security 2.0.2 MR2 b9.0.2.1000
  • Symantec Client Security 2.0.3 MR3 b9.0.3.1000
  • Symantec Client Security 2.0.4
  • Symantec Client Security 2.0.4 MR4 build 1000
  • Symantec Client Security 2.0.5 build 1100
  • Symantec Client Security 2.0.6 MR6
  • Symantec Client Security 3.0.0
  • Symantec Client Security 3.0.0.359
  • Symantec Client Security 3.0.1.1000
  • Symantec Client Security 3.0.1.1001
  • Symantec Client Security 3.0.1.1007
  • Symantec Client Security 3.0.1.1008
  • Symantec Client Security 3.0.2.2000
  • Symantec Client Security 3.0.2.2001
  • Symantec Client Security 3.0.2.2002
  • Symantec Client Security 3.0.2.2010
  • Symantec Client Security 3.0.2.2011
  • Symantec Client Security 3.0.2.2020
  • Symantec Client Security 3.0.2.2021
  • Symantec Client Security 3.1
  • Symantec Client Security 3.1.0.394
  • Symantec Client Security 3.1.0.396
  • Symantec Client Security 3.1.0.400
  • Symantec Client Security 3.1.0.401
  • Symantec Gateway Security 5000 Series 3.0.1
  • Symantec Gateway Security 5400 2.0.1
  • Symantec Mail Security 8200 Series Appliance
  • Symantec Mail Security for Domino 4.0.0
  • Symantec Mail Security for Domino 4.0.0 build 4.0.1
  • Symantec Mail Security for Domino 4.0.1
  • Symantec Mail Security for Domino 4.1.0
  • Symantec Mail Security for Domino 4.1.4
  • Symantec Mail Security for Domino 5.0.0 .47
  • Symantec Mail Security for Domino 5.1.0
  • Symantec Mail Security for Domino 5.1.2.28
  • Symantec Mail Security for Microsoft Exchange 4.0.0
  • Symantec Mail Security for Microsoft Exchange 4.0.0 build 456
  • Symantec Mail Security for Microsoft Exchange 4.0.0 build 463
  • Symantec Mail Security for Microsoft Exchange 4.0.0 build 465
  • Symantec Mail Security for Microsoft Exchange 4.0.0 build 736
  • Symantec Mail Security for Microsoft Exchange 4.0.0 build 741
  • Symantec Mail Security for Microsoft Exchange 4.0.0 build 743
  • Symantec Mail Security for Microsoft Exchange 4.1.0 461
  • Symantec Mail Security for Microsoft Exchange 4.1.0 build 458
  • Symantec Mail Security for Microsoft Exchange 4.1.0 build 459
  • Symantec Mail Security for Microsoft Exchange 4.5.0
  • Symantec Mail Security for Microsoft Exchange 4.5.0 build 4.5.4.743
  • Symantec Mail Security for Microsoft Exchange 4.5.0 build 719
  • Symantec Mail Security for Microsoft Exchange 4.5.0 build 736
  • Symantec Mail Security for Microsoft Exchange 4.5.0 build 741
  • Symantec Mail Security for Microsoft Exchange 4.5.0 build 743
  • Symantec Mail Security for Microsoft Exchange 4.6.0 build 4.6.1.107
  • Symantec Mail Security for Microsoft Exchange 4.6.0 build 97
  • Symantec Mail Security for Microsoft Exchange 4.6.3
  • Symantec Mail Security for Microsoft Exchange 5.0.0
  • Symantec Mail Security for Microsoft Exchange 5.0.0.204
  • Symantec Mail Security for Microsoft Exchange 6.0.0
  • Symantec Mail Security for SMTP 5.0
  • Symantec Mail Security for SMTP 5.0.1
  • Symantec Norton AntiVirus 2004
  • Symantec Norton AntiVirus 2004 Professional Edition
  • Symantec Norton AntiVirus 2005
  • Symantec Norton AntiVirus 2005 11.0.0
  • Symantec Norton AntiVirus 2005 11.0.9
  • Symantec Norton AntiVirus 2005 Professional Edition
  • Symantec Norton AntiVirus 2006
  • Symantec Norton Antivirus 9.0 for Macintosh
  • Symantec Norton Antivirus for Macintosh 10.0.0 .0
  • Symantec Norton Antivirus for Macintosh 10.0.1
  • Symantec Norton Antivirus for Macintosh 10.9.1
  • Symantec Norton Antivirus for Macintosh 9.0.0 .0
  • Symantec Norton Antivirus for Macintosh 9.0.1
  • Symantec Norton Antivirus for Macintosh 9.0.2
  • Symantec Norton Antivirus for Macintosh 9.0.3
  • Symantec Norton Internet Security 2004
  • Symantec Norton Internet Security 2004 Professional Edition
  • Symantec Norton Internet Security 2005
  • Symantec Norton Internet Security 2005 11.0.0
  • Symantec Norton Internet Security 2005 11.0.9
  • Symantec Norton Internet Security 2005 11.5.6 .14
  • Symantec Norton Internet Security 2005 Professional Edition
  • Symantec Norton Internet Security 2006
  • Symantec Norton Internet Security 2006 Professional Edition
  • Symantec Norton Internet Security for Macintosh 3.0
  • Symantec Norton Personal Firewall 2006
  • Symantec Norton Personal Firewall 2006 9.1.0.33
  • Symantec Norton Personal Firewall 2006 9.1.1.7
  • Symantec Norton System Works 2005
  • Symantec Norton System Works 2005 11.0.0
  • Symantec Norton System Works 2005 11.0.9
  • Symantec Norton System Works 2005 Premier
  • Symantec Norton System Works 2006
  • Symantec Norton System Works for Macintosh 3.0
  • Symantec Norton SystemWorks 2004
  • Symantec Norton SystemWorks 2005
  • Symantec Norton SystemWorks 2006
  • Symantec AntiVirus Scan Engine for Microsoft ISA 4.3.12
  • Symantec Web Security 2.5.0
  • Symantec Web Security 3.0.0
  • Symantec Web Security 3.0.1
  • Symantec Web Security 3.0.1 .70
  • Symantec Web Security 3.0.1 .76
  • Symantec Web Security 3.0.1 Build 62
  • Symantec Web Security 3.0.1 build 3.0.1.70
  • Symantec Web Security 3.0.1 build 3.0.1.72
  • Symantec Web Security 3.0.1 build 3.0.1.74
  • Symantec Web Security 3.0.1 build 3.01.59
  • Symantec Web Security 3.0.1 build 3.01.60
  • Symantec Web Security 3.0.1 build 3.01.61
  • Symantec Web Security 3.0.1 build 3.01.62
  • Symantec Web Security 3.0.1 build 3.01.63
  • Symantec Web Security 3.0.1 build 3.01.67
  • Symantec Web Security 3.0.1 build 3.01.68
  • Symantec Web Security for Microsoft ISA 2004 5.0

Recommendations

Run all software as a nonprivileged user with minimal access rights.

To mitigate the impact of successful exploits, run all software with the least privileges required to maintain functionality.

Do not accept or execute files from untrusted or unknown sources.

To reduce the likelihood of successful exploits, never handle files that originate from unfamiliar or untrusted sources.

Implement multiple redundant layers of security.

Various memory-protection schemes (such as nonexecutable and randomly mapped memory segments) may complicate exploits of memory-corruption vulnerabilities.

The vendor released an advisory and updates to address this issue. To update consumer products, run LiveUpdate in Interactive Mode. For Mac consumer products, install definitions released after 10/1/2006. Please refer to the advisory for a complete list of affected products and applicable updates.

Credits

3Com and the Zero-Day Initiative are credited with discovery.

Copyright © Symantec Corporation.
Permission to redistribute this alert electronically is granted as long as it is not edited in any way unless authorized by Symantec Security Response. Reprinting the whole or part of this alert in any medium other than electronically requires permission from secure@symantec.com.

Disclaimer

The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information.

Symantec, Symantec products, Symantec Security Response, and secure@symantec.com are registered trademarks of Symantec Corp. and/or affiliated companies in the United States and other countries. All other registered and unregistered trademarks represented in this document are the sole property of their respective companies/owners.
