RAR Leaves Symantec Vulnerable
Subject: General Tech | December 22, 2005 - 02:00 PM | Jonathan Hung
According to Alex Wheeler, Symantec products are vulnerable to heap overflow exploitation caused by RAR compressed files. Wheeler says that the scanning of compressed RAR files leaves Symantec software (not just their anti-virus software) open to possible exploitation by hackers. What is worse is that hackers can use this vulnerability through common protocols like SMTP because of the way Symantec scans network traffic.
Read the PDF release by Wheeler here.
The Symantec Antivirus Library provides file format support for virus analysis. During decompression of RAR files Symantec is vulnerable to multiple heap overflows allowing attackers complete control of the system(s) being protected. These vulnerabilities can be exploited remotely without user interaction in default configurations through common protocols such as SMTP.