RAR Leaves Symantec Vulnerable

Subject: General Tech | December 22, 2005 - 11:00 AM |
Tagged:

According to Alex Wheeler, Symantec products are vulnerable to heap overflow exploitation caused by RAR compressed files. According to Wheeler, the scanning of compressed RAR files leaves Symantec software (not just their anti-virus software) leaves the software open for possible exploitation by hackers. What is worse is that hackers can use this vulnerability through common protocols like SMTP because of the way Symantec scans network traffic.


Read the PDF release by Wheeler here.


The Symantec Antivirus Library provides file format support for virus analysis. During decompression of RAR files Symantec is vulnerable to multiple heap overflows allowing attackers complete control of the system(s) being protected. These vulnerabilities can be exploited remotely without user interaction in default configurations through common protocols such as SMTP.
No comments posted yet.

Post new comment

The content of this field is kept private and will not be shown publicly.
  • Lines and paragraphs break automatically.
  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd> <blockquote><p><br>
  • Web page addresses and e-mail addresses turn into links automatically.

More information about formatting options

By submitting this form, you accept the Mollom privacy policy.