Symantec Mail Security for SMTP RAR and CAB Parsing Multiple Vulnerabilities
High Nessus Plugin ID 67003
Synopsis
The remote host is affected by a heap overflow vulnerability.
Description
The remote host is running a version of Symantec Mail Security for Exchange / Domino that is affected by multiple vulnerabilities:
- A heap overflow vulnerability exists that can be triggered when the scanning engine processes a specially crafted CAB file, possibly leading to arbitrary code execution. (CVE-2007-0447)
- It is possible to trigger a denial of service condition when the scanning engine processes a RAR file with a specially crafted header. (CVE-2007-3699)
Solution
Apply the appropriate updates per the vendor's advisory.