Remote Code Execution Flaw in Symantec Antivirus Products
CVE-2005-3217

Currently unrated

Key Information:

Vendor: Symantec
Status: Antivirus Scan Engine
Vendor: CVE Published:; 14 October 2005

Summary

A critical vulnerability exists in multiple versions of Symantec Antivirus, allowing remote attackers to bypass virus detection mechanisms. This flaw is exploited through a malicious executable embedded within a specially crafted RAR file. The RAR file's central and local headers are malformed, enabling it to be processed by certain applications like WinRAR and PowerZip, which do not reject the file as corrupted. However, it is flagged as corrupted by others such as WinZip and BitZipper, thus leaving a gap in protection for users relying solely on those platforms for virus scanning.

References

http://shadock.net/secubox/AVCraftedArchive.html

x_refsource_MISC

http://marc.info/?l=bugtraq&m=112879611919750&w=2

mailing-listx_refsource_BUGTRAQ

Timeline

Vulnerability published
Oct 14, 2005
Vulnerability Reserved
Oct 14, 2005