Threat Level: green Handler on Duty: Rick Wanner

SANS ISC: Update - Symantec RAR File Parser Remote Heap Overflow - Internet Security | DShield SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Update - Symantec RAR File Parser Remote Heap Overflow
 ISS X-Force's Symantec RAR File Parser Remote Heap Overflow analysis says "The likelihood of this vulnerability being leveraged by a worm is low as successful exploitation requires a very large RAR file, in the area of 35-40MB. Files this large are not generally passed by mail servers and can eliminate this as a vector for a worm. X-Force believes this is still a serious threat since the vulnerability can be leveraged to exploit AV mail gateways. Desktops which employ the on-demand scanning function could also be exploited without user intervention when scanning files downloaded by FTP or HTTP on the desktop."

Thank you for the information X-Force!

Symantec's announcement -
SYM05-027, December 21, 2005, Symantec AntiVirus Decomposition Buffer Overflow
Patrick

193 Posts

Sign Up for Free or Log In to start participating in the conversation!