Symantec Legacy Decomposer Code Execution (SYM12-017)
High Nessus Plugin ID 62925
SynopsisThe remote Windows host has an antivirus application that is affected by a code execution vulnerability.
DescriptionThe version of Symantec Endpoint Protection or Symantec Scan Engine installed on the remote Windows host is potentially affected by a code execution vulnerability. The legacy decomposer engine fails to properly handle bounds-checking when parsing files from some versions of CAB archives.
SolutionFor Symantec AntiVirus 10.x, upgrade to Symantec Enpoint Protection 12.1 or later.
For Symantec Enpoint Protection 11.x or 12.0, either run Live Update to upgrade the decomposer engine to version 126.96.36.199 or upgrade to Symantec Endpoint Proection 12.1 or later.
For Symantec Scan Engine, upgrade to Symantec Scan Engine 5.2.8 or later.