Symantec Product Range - Remote hacker manual control
Version: Various
Technical Details: Almost the complete range of Symantec products is vulnerable to arbitrary remote code execution following the scanning of malicious RAR or CAB archives. When handling malicious RAR archives, Symantec products fail to properly handle modified headers, leading to a Denial of Service condition. When handling malicious CAB archives, Symantec products fail to properly implement bounds checking, which makes arbitrary remote code execution possible. The arbitrary code execution vulnerability affecting Symantec Backup Exec is a result of poor handling of network traffic with the "ncacn_ip_tcp" protocol.
Description: Almost the complete range of Symantec products has been found to be vulnerable to potential remote exploitation through the scanning of malicious RAR or CAB archives. Separately, iDefense have released information regarding a remote code execution vulnerability affecting Symantec Backup Exec, where it is possible for an attacker to run software of their choice due to poor handling of network traffic.
Mitigation: Apply caution when filtering and scanning RAR and CAB archives. Apply the patches from Symantec when they are available for the respective products.
Updates: http://www.symantec.com/techsupp/
Source:
http://securityresponse.symantec.com/avcenter/security/Content/2007.07.11f.html
http://securityresponse.symantec.com/avcenter/security/Content/2007.07.11a.html
Exploits:
External Tracking Data: CVE-ID: CVE-2007-3509 (Backup Exec)
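To illustrate the class of check the technical details describe as missing for CAB archives, the following added example (not Symantec's code, and not a reproduction of the specific flaw, which this advisory does not detail) validates the fixed CAB header before any declared size, offset or count is trusted. Field offsets follow the Microsoft Cabinet CFHEADER layout; the function names are hypothetical, and optional reserve fields and cabinet-chain strings are assumed absent, so the count checks are lower bounds.

```c
#include <stdint.h>
#include <string.h>

#define HDR_LEN    36u  /* fixed CFHEADER size */
#define FOLDER_LEN  8u  /* minimum CFFOLDER size */
#define FILE_LEN   16u  /* CFFILE size before the file name */
enum cab_result { CAB_OK, CAB_TRUNCATED, CAB_BAD_MAGIC, CAB_BAD_SIZE,
                  CAB_BAD_OFFSET, CAB_BAD_COUNT };

/* Little-endian read/write of an n-byte field (n <= 4). */
static uint32_t rd_le(const uint8_t *p, int n) {
    uint32_t v = 0;
    for (int i = 0; i < n; i++) v |= (uint32_t)p[i] << (8 * i);
    return v;
}
static void wr_le(uint8_t *p, uint32_t v, int n) {
    for (int i = 0; i < n; i++) p[i] = (uint8_t)(v >> (8 * i));
}

/* Check each declared size, offset and count against the bytes actually
   present, before a parser uses any of them as an index or copy length. */
enum cab_result cab_check_header(const uint8_t *buf, size_t len) {
    if (len < HDR_LEN) return CAB_TRUNCATED;
    if (memcmp(buf, "MSCF", 4) != 0) return CAB_BAD_MAGIC;
    uint32_t cb_cabinet = rd_le(buf + 8, 4);   /* declared cabinet size */
    uint32_t coff_files = rd_le(buf + 16, 4);  /* offset of first CFFILE */
    uint32_t c_folders = rd_le(buf + 26, 2), c_files = rd_le(buf + 28, 2);
    if (cb_cabinet < HDR_LEN || cb_cabinet > len) return CAB_BAD_SIZE;
    if (coff_files < HDR_LEN || coff_files > cb_cabinet) return CAB_BAD_OFFSET;
    /* Ordering was checked above, so these subtractions cannot underflow. */
    if (c_folders * FOLDER_LEN > coff_files - HDR_LEN) return CAB_BAD_COUNT;
    if (c_files * FILE_LEN > cb_cabinet - coff_files) return CAB_BAD_COUNT;
    return CAB_OK;
}

/* Constructed sample: a 64-byte buffer holding only a header with these fields. */
enum cab_result cab_check_sample(uint32_t cb_cabinet, uint32_t coff_files,
                                 uint32_t c_folders, uint32_t c_files) {
    uint8_t buf[64] = {0};
    memcpy(buf, "MSCF", 4);
    wr_le(buf + 8, cb_cabinet, 4);
    wr_le(buf + 16, coff_files, 4);
    wr_le(buf + 26, c_folders, 2);
    wr_le(buf + 28, c_files, 2);
    return cab_check_header(buf, sizeof buf);
}

int main(void) { return cab_check_sample(64, 44, 1, 1) == CAB_OK ? 0 : 1; }
```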