CVE-2008-0309

Currently unrated

Key Information:

Vendor: Symantec
Status: Symantec Antivirus Filtering Domino Mpe; Symantec Mail Security For Microsoft Exchange; Symantec Antivirus Scan Engine For Ms Isa; Symantec Antivirus Scan Engine Clearswift
Vendor: CVE Published:; 28 February 2008

Summary

Stack-based buffer overflow in Symantec Decomposer, as used in certain Symantec antivirus products including Symantec Scan Engine 5.1.2 and other versions before 5.1.6.31, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a malformed RAR file to the Internet Content Adaptation Protocol (ICAP) port (1344/tcp).

References

http://www.symantec.com/avcenter/security/Content/2008.02...

x_refsource_CONFIRM

http://www.vupen.com/english/advisories/2008/0680

vdb-entryx_refsource_VUPEN

http://www.securityfocus.com/bid/27913

vdb-entryx_refsource_BID

EPSS Score

9% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Feb 28, 2008
Vulnerability Reserved
Jan 16, 2008