Decomposer Engine Vulnerability in Symantec Products
CVE-2012-4953

Currently unrated

Key Information:

Vendor: Symantec
Status: Antivirus; Scan Engine; Endpoint Protection
Vendor: CVE Published:; 14 November 2012

Summary

The decomposer engine in several Symantec products fails to properly enforce bounds checks of CAB archive contents, exposing the system to potential denial of service through application crashes. This vulnerability may also allow remote attackers to execute arbitrary code by exploiting crafted archive files, thus compromising the security of impacted systems.

References

http://www.symantec.com/security_response/securityupdates...

x_refsource_CONFIRM

http://www.kb.cert.org/vuls/id/985625

third-party-advisoryx_refsource_CERT-VN

http://www.securitytracker.com/id?1027726

vdb-entryx_refsource_SECTRACK

EPSS Score

9% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Nov 14, 2012
Vulnerability Reserved
Sep 17, 2012