dcsimg
 

Symantec Patches High-Risk Vulnerability

By Ryan Naraine  |  Print this article Print
 
 
 
 
 
 
 

WEBINAR:
On-Demand

Re-Imagining Linux Platforms to Meet the Needs of Cloud Service Providers


Symantec discontinues the use of the DEC2EXE parsing engine to address a highly critical flaw affecting multiple product lines.

Network security specialist Symantec Corp. has confirmed a high-risk vulnerability in multiple anti-virus and anti-spam products and warned that a successful exploit could lead to code execution attacks.

The vulnerability, which was reported by Internet Security Systems Inc.'s X-Force unit, is described as a boundary error in the DEC2EXE parsing engine used in versions of the Symantec scan engine.

"The vulnerable DEC2EXE engine contained a heap overflow that could be initiated by sending a specifically crafted UPX file that would be parsed by the vulnerable DEC2EXE engine. If successfully exploited, the attack could potentially result in remote arbitrary code execution and possible compromise of the targeted system," Symantec said in a security advisory.

In response, the Cupertino, Calif.-based company has discontinued use of the DEC2EXE engine, which is no longer required to parse compressed files. Symantec officials said the company had already deleted the vulnerable engine from the majority of its products and had planned to complete the removal from all affected product lines during upcoming maintenance updates.

A separate alert from ISS X-Force said the flaw affects all products that depend on the Symantec AntiVirus Library to push out anti-virus capabilities to desktops, servers and enterprise gateway systems.

"Several large vendors and ISPs implement Symantec's AntiVirus Library in their products. By crafting a UPX file, an attacker is able to trigger a heap overflow within the process importing the Symantec AntiVirus Library," ISS X-Force said in the alert.

The flaw affects multiple enterprise and consumer product lines, ranging from Norton AntiVirus, Symantec Mail Security, AntiVirus/Filtering, Symantec Web Security, Symantec BrightMail AntiSpam and Symantec AntiVirus Corporate Edition.

Click here to read about high-risk security holes in Symantec's Nexland Firewall appliances.

The company has published a complete list of affected and non-affected products.

Symantec has also posted hotfixes to address this issue for the affected Symantec Gateway Security 5300 and 5400 Series appliances. The fix removes the legacy DEC2EXE engine from the affected products and upgrades the scan engine to a new version.

Product specific hotfixes are available through the Symantec Enterprise Support site.

Check out eWEEK.com's for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzer's Weblog.

 
 
 
 
 
 
 
 
 
























By submitting your information, you agree that channelinsider.com may send you channelinsider offers via email, phone and text message, as well as email offers about other products and services that channelinsider believes may be of interest to you. channelinsider will process your information in accordance with the Quinstreet Privacy Policy.

 
 
 
 
 
 

Submit a Comment

Loading Comments...
























By submitting your information, you agree that channelinsider.com may send you channelinsider offers via email, phone and text message, as well as email offers about other products and services that channelinsider believes may be of interest to you. channelinsider will process your information in accordance with the Quinstreet Privacy Policy.

 
 
 
 
 
 
 
 
 
Thanks for your registration, follow us on our social networks to keep up-to-date