Symantec Antivirus Scan Engine RAR and CAB Parsing Multiple Vulnerabilities

high Nessus Plugin ID 67002

Synopsis

The remote host is affected by a heap overflow vulnerability.

Description

The remote host is running a version of the Symantec Mail Security for Exchange / Domino that is affected by multiple vulnerabilities :

- A heap overflow vulnerability exists that can be triggered when the scanning engine processes a specially crafted CAB file, possibly leading to arbitrary code execution. (CVE-2007-0447)

- It is is possible to trigger a denial of service condition when the scanning engine processes a RAR file with a specially crafted header. (CVE-2007-3699)

Solution

Apply the appropriate updates per the vendor's advisory.

See Also

https://www.zerodayinitiative.com/advisories/ZDI-07-040/

http://www.nessus.org/u?02420ead

https://support.symantec.com/en_US/article.SYMSA1129.html

Plugin Details

Severity: High

ID: 67002

File Name: symantec_decomposer_sym07-019.nasl

Version: 1.8

Type: local

Agent: windows

Family: Windows

Published: 6/27/2013

Updated: 11/15/2018

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 6.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:symantec:antivirus_scan_engine

Required KB Items: SMB/Registry/Enumerated

Exploit Ease: No known exploits are available

Patch Publication Date: 7/11/2007

Vulnerability Publication Date: 7/12/2007

Reference Information

CVE: CVE-2007-0447, CVE-2007-3699

BID: 24282

CWE: 119