Stack-Based Buffer Overflow in Symantec Decomposer for Antivirus Products
CVE-2008-0309

Currently unrated

Key Information:

Vendor: Symantec
Status: Symantec Antivirus Filtering Domino Mpe; Symantec Mail Security For Microsoft Exchange; Symantec Antivirus Scan Engine For Ms Isa; Symantec Antivirus Scan Engine Clearswift
Vendor: CVE Published:; 28 February 2008

Summary

A stack-based buffer overflow in Symantec Decomposer affects specific versions of Symantec antivirus products, including Symantec Scan Engine 5.1.2 and earlier versions before 5.1.6.31. This vulnerability allows remote attackers to exploit a malformed RAR file sent to the Internet Content Adaptation Protocol (ICAP) port (1344/tcp), potentially leading to arbitrary code execution or causing the application to crash, resulting in a denial of service.

References

http://www.symantec.com/avcenter/security/Content/2008.02...

x_refsource_CONFIRM

http://www.vupen.com/english/advisories/2008/0680

vdb-entryx_refsource_VUPEN

http://www.securityfocus.com/bid/27913

vdb-entryx_refsource_BID

EPSS Score

5% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Feb 28, 2008
Vulnerability Reserved
Jan 16, 2008