Symantec Legacy Decomposer Code Execution (SYM12-017)

This script is Copyright (C) 2012-2016 Tenable Network Security, Inc.


Synopsis :

The remote Windows host has an antivirus application that is affected
by a code execution vulnerability.

Description :

The version of Symantec Endpoint Protection or Symantec Scan Engine
installed on the remote Windows host is potentially affected by a code
execution vulnerability. The legacy decomposer engine fails to
properly handle bounds-checking when parsing files from some versions
of CAB archives.

See also :

http://www.nessus.org/u?4edb61b4
http://www.nessus.org/u?f9cc0e1b

Solution :

For Symantec AntiVirus 10.x, upgrade to Symantec Enpoint Protection
12.1 or later.

For Symantec Enpoint Protection 11.x or 12.0, either run Live Update
to upgrade the decomposer engine to version 1.2.8.4 or upgrade to
Symantec Endpoint Proection 12.1 or later.

For Symantec Scan Engine, upgrade to Symantec Scan Engine 5.2.8 or
later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.9
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Windows

Nessus Plugin ID: 62925 ()

Bugtraq ID: 56399

CVE ID: CVE-2012-4953

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now