06-30-2016 , 12:07 AM
Security Advisories Relating to Symantec Products - Symantec Decomposer Engine Multiple Parsing Vulnerabilities
Source https://www.symantec.com/security_respon...0160628_00
Symantec Wrote: Symantec is aware of buffer overflow and memory corruption findings in the AntiVirus Decomposer engine used in various configurations by multiple Symantec products.
Symantec Wrote: Details
Parsing of maliciously-formatted container files may cause memory corruption, integer overflow or buffer overflow in Symantec's Decomposer engine. Successful exploitation of these vulnerabilities typically results in an application-level denial of service but could result in arbitrary code execution. An attacker could potentially run arbitrary code by sending a specially crafted file to a user.
In the TNEF unpacker, the overflow does not result in any detrimental actions due to underlying code. However, this was an exposure due to improper implementation that could potentially be leveraged further, at some point, by a malicious individual. As such, it also was addressed in the engine update.
Symantec Response
Symantec has verified these issues and addressed them in product updates as identified in the solution portion of the affected products matrix above. We have also added additional checks to our Secure Development LifeCycle to mitigate similar issues in future.
Symantec is not aware of these vulnerabilities being exploited in the wild.
Update Information
All Norton products have been updated through LiveUpdate™. Customers of Symantec Enterprise products should check the chart below to determine which products have been updated automatically and which require product updates.