Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Share Post: Reddit Facebook
[URGENT] Security Advisories Relating to Symantec Products
#1
Security Advisories Relating to Symantec Products - Symantec Decomposer Engine Multiple Parsing Vulnerabilities

Symantec Wrote:Symantec is aware of buffer overflow and memory corruption findings in the AntiVirus Decomposer engine used in various configurations by multiple Symantec products.

Symantec Wrote:Details
Parsing of maliciously-formatted container files may cause memory corruption, integer overflow or buffer overflow in Symantecs Decomposer engine. Successful exploitation of these vulnerabilities typically results in an application-level denial of service but could result in arbitrary code execution. An attacker could potentially run arbitrary code by sending a specially crafted file to a user.

In the TNEF unpacker, the overflow does not result in any detrimental actions due to underlying code. However this was an exposure due to improper implementation that could potentially be leveraged further, at some point, by a malicious individual. As such, it also was addressed in the engine update.

Symantec Response
Symantec has verified these issues and addressed them in product updates as identified in the solution portion of the affected products matrix above. We have also added additional checks to our Secure Development LifeCycle to mitigate similar issues in future.

Symantec is not aware of these vulnerabilities being exploited in the wild.

Update Information
All Norton products have been updated through LiveUpdateTM. Customers of Symantec Enterprise products should check the chart below to determine which products have been updated automatically and which require product updates.

Source https://www.symantec.com/security_respon...0160628_00
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  Vulnerabilities in WatchGuard, Panda Security Products Lead to Code Execution mrtrout 0 663 02-04-2024 , 06:49 AM
Last Post: mrtrout
  Microsoft and Google release urgent browser security update for Risk Level 4 Drive-b mrtrout 0 915 08-23-2021 , 09:13 AM
Last Post: mrtrout
  Accenture to buy Symantec's Cyber Security Services business dhruv2193 0 1,627 01-25-2020 , 07:11 AM
Last Post: dhruv2193
  McAfee considering acquisition of Symantec consumer division - reports dhruv2193 0 3,012 12-14-2019 , 04:17 PM
Last Post: dhruv2193
  A persistent group of hackers has been hitting Saudi IT providers, Symantec says Mohammad.Poorya 0 2,123 09-19-2019 , 04:02 AM
Last Post: Mohammad.Poorya



Users browsing this thread: 2 Guest(s)