Symantec UPX Parsing Engine Remote Heap Overflow Vulnerability

BID:12492

Info

Symantec UPX Parsing Engine Remote Heap Overflow Vulnerability

Bugtraq ID: 12492
Class: Boundary Condition Error
CVE: CVE-2005-0249
Remote: Yes
Local: No
Published: Feb 08 2005 12:00AM
Updated: Jul 12 2009 10:06AM
Credit: Discovery is credited to Alex Wheeler and the X-Force research team.
Vulnerable: Symantec Web Security 3.0
Symantec Norton SystemWorks 2004
Symantec Norton System Works for Macintosh 3.0
Symantec Norton System Works 7.0 for Macintosh
Symantec Norton System Works 2004 for Macintosh
Symantec Norton Internet Security for Macintosh 3.0
Symantec Norton Internet Security for Macintosh 2.0
Symantec Norton Internet Security 2004 Professional Edition
Symantec Norton Internet Security 2004 for Macintosh
Symantec Norton AntiVirus for MS Exchange 2.1
- Microsoft Exchange Server 5.0
 - Microsoft Windows NT 4.0
 Symantec Norton AntiVirus for Microsoft Exchange 2.18 build 83
Symantec Norton Antivirus for Macintosh Corporate Edition 9.0
Symantec Norton Antivirus 9.0 for Macintosh
Symantec Norton Antivirus 8.0 for Macintosh
Symantec Norton Antivirus 2004 for Macintosh
Symantec Norton AntiVirus 2004
Symantec Mail Security for SMTP 4.0
Symantec Mail Security for Microsoft Exchange 4.5 build 719
Symantec Mail Security for Microsoft Exchange 4.5
Symantec Mail Security for Microsoft Exchange 4.1 build 459
Symantec Mail Security for Microsoft Exchange 4.1 build 458
Symantec Mail Security for Microsoft Exchange 4.1 461
Symantec Mail Security for Microsoft Exchange 4.0
Symantec Mail Security for Domino 4.0 build 4.0.1
Symantec Gateway Security 5400 2.0.1
Symantec Gateway Security 5400 2.0
Symantec Gateway Security 5300 1.0
Symantec Client Security 2.0
Symantec Client Security 1.1.1 MR5 build 8.1.1.336
Symantec Client Security 1.1.1 MR4 build 8.1.1.329
Symantec Client Security 1.1.1 MR3 build 8.1.1.323
Symantec Client Security 1.1.1 MR2 build 8.1.1.319
Symantec Client Security 1.1.1 MR1 build 8.1.1.314a
Symantec Client Security 1.1.1
Symantec Client Security 1.0.1 MR8 build 8.01.471
Symantec Client Security 1.0.1 MR7 build 8.01.464
Symantec Client Security 1.0.1 MR6 build 8.01.460
Symantec Client Security 1.0.1 MR5 build 8.01.457
Symantec Client Security 1.0.1 MR4 build 8.01.446
Symantec Client Security 1.0.1 MR3 build 8.01.434
Symantec Client Security 1.0.1 build 8.01.437
Symantec Client Security 1.0.1
Symantec Client Security 1.0
Symantec Brightmail Anti-Spam 5.5
Symantec Brightmail Anti-Spam 4.0
Symantec AntiVirus/Filtering for Domino Ports 3.0 (OS400) build 3.0.5
Symantec AntiVirus/Filtering for Domino Ports 3.0 (Linux) build 3.0.5
Symantec AntiVirus/Filtering for Domino Ports 3.0 (AIX) build 3.0.5
Symantec AntiVirus/Filtering for Domino Ports 3.0
Symantec AntiVirus/Filtering for Domino NT 3.1
Symantec AntiVirus Scan Engine for Netapp NetCache 4.3
Symantec AntiVirus Scan Engine for Netapp NetCache 4.0
Symantec AntiVirus Scan Engine for Netapp Filer 4.3
Symantec AntiVirus Scan Engine for Netapp Filer 4.0
Symantec AntiVirus Scan Engine for ISA 4.3
Symantec AntiVirus Scan Engine for ISA 4.0
Symantec AntiVirus Scan Engine for Filers 4.3
Symantec AntiVirus Scan Engine for Caching 4.3
Symantec AntiVirus Scan Engine for Bluecoat 4.3
Symantec AntiVirus Scan Engine for Bluecoat 4.0
Symantec AntiVirus Scan Engine 4.3
Symantec AntiVirus Scan Engine 4.0
Symantec AntiVirus for SMTP 3.1 build 3.1.6
Symantec AntiVirus for SMTP 3.1 build 3.1.5
Symantec AntiVirus for SMTP 3.1 build 3.1.4
Symantec AntiVirus for SMTP 3.1 build 3.1.3
Symantec AntiVirus for SMTP 3.1 build 3.1.2
Symantec AntiVirus for SMTP 3.1 build 3.1.1
Symantec AntiVirus for SMTP 3.1
Symantec AntiVirus for Network Attached Storage
Symantec AntiVirus for Caching
Symantec AntiVirus Corporate Edition 9.0
Symantec AntiVirus Corporate Edition 8.1.1 build 8.1.1.329
Symantec AntiVirus Corporate Edition 8.1.1 build 8.1.1.323
Symantec AntiVirus Corporate Edition 8.1.1 build 8.1.1.319
Symantec AntiVirus Corporate Edition 8.1.1 build 8.1.1.314a
Symantec AntiVirus Corporate Edition 8.1.1
Symantec AntiVirus Corporate Edition 8.1 build 8.01.471
Symantec AntiVirus Corporate Edition 8.1 build 8.01.464
Symantec AntiVirus Corporate Edition 8.1 build 8.01.460
Symantec AntiVirus Corporate Edition 8.1 build 8.01.457
Symantec AntiVirus Corporate Edition 8.1 build 8.01.446
Symantec AntiVirus Corporate Edition 8.1 build 8.01.437
Symantec AntiVirus Corporate Edition 8.1 build 8.01.434
Symantec AntiVirus Corporate Edition 8.0 1
Not Vulnerable: Symantec Web Security 3.0.1 build 3.01.59
Symantec Web Security 3.0.1 build 3.0.1.72
Symantec Web Security 3.0.1 .70
Symantec Norton SystemWorks 2003
Symantec Norton System Works for Macintosh 3.0
Symantec Norton System Works 7.0 for Macintosh
Symantec Norton System Works 2005 Premier
Symantec Norton Internet Security for Macintosh 3.0
Symantec Norton Internet Security for Macintosh 2.0
Symantec Norton Internet Security 2005
Symantec Norton Internet Security 2003 Professional Edition
Symantec Norton AntiVirus for MS Exchange 2.18.88
Symantec Norton AntiVirus for MS Exchange 2.18.85
Symantec Norton AntiVirus for MS Exchange 2.18.82
Symantec Norton AntiVirus for MS Exchange 2.1
- Microsoft Exchange Server 5.0
 - Microsoft Windows NT 4.0
 Symantec Norton AntiVirus for MS Exchange 2.0
- Microsoft Exchange Server 5.0
 - Microsoft Windows NT 4.0
 Symantec Norton AntiVirus for MS Exchange 1.5
- Microsoft Exchange Server 5.0
 - Microsoft Windows NT 4.0
 Symantec Norton AntiVirus Corporate Edition 7.6
Symantec Norton Antivirus 9.0 for Macintosh
Symantec Norton Antivirus 8.0 for Macintosh
Symantec Norton Antivirus 7.0 for Macintosh
Symantec Norton AntiVirus 2005
Symantec Norton Antivirus 2003 0
- Microsoft Windows 2000 Professional SP3
 - Microsoft Windows 2000 Professional SP2
 - Microsoft Windows 2000 Professional SP1
 - Microsoft Windows 2000 Professional
- Microsoft Windows 98
- Microsoft Windows 98SE
- Microsoft Windows ME
- Microsoft Windows XP Home SP1
 - Microsoft Windows XP Home
- Microsoft Windows XP Professional
Symantec Mail-Gear 1.1
- Microsoft Windows NT 4.0 SP6
 - Microsoft Windows NT 4.0 SP5
 - Microsoft Windows NT 4.0 SP4
 - Microsoft Windows NT 4.0 SP3
 - Sun Solaris 7.0
 - Sun Solaris 2.6
 - Sun Solaris 2.5
 Symantec Mail-Gear 1.0
- Microsoft Windows NT 4.0 SP6
 - Microsoft Windows NT 4.0 SP5
 - Microsoft Windows NT 4.0 SP4
 - Microsoft Windows NT 4.0 SP3
 - Sun Solaris 7.0
 - Sun Solaris 2.6
 - Sun Solaris 2.5
 Symantec Mail Security for SMTP 4.1
Symantec Mail Security for Microsoft Exchange 4.6 build 97
Symantec Mail Security for Microsoft Exchange 4.5 build 743
Symantec Mail Security for Microsoft Exchange 4.5 build 741
Symantec Mail Security for Microsoft Exchange 4.5 build 736
Symantec Mail Security for Microsoft Exchange 4.0 build 465
Symantec Mail Security for Microsoft Exchange 4.0 build 463
Symantec Mail Security for Microsoft Exchange 4.0 build 456
Symantec Mail Security for Domino 4.1
Symantec Mail Security for Domino 4.0.1
Symantec Mail Security for Domino 4.0 build 4.0.1
Symantec I-Gear MS Proxy 3.5
Symantec Client Security for Nokia Communicator
Symantec Client Security 2.0.3 MR3 b9.0.3.1000
Symantec Client Security 2.0.2 MR2 b9.0.2.1000
Symantec Client Security 2.0.1 MR1 b9.0.1.1000
Symantec Client Security 2.0 STM build 9.0.0.338
Symantec Client Security 1.1.1 MR6 b8.1.1.266
Symantec Client Security 1.1 STM b8.1.0.825a
Symantec Client Security 1.0.1 MR9 b8.01.501
Symantec Client Security 1.0.1 MR2 b8.01.429c
Symantec Client Security 1.0.1 MR1 b8.01.425a/b
Symantec Client Security 1.0 .0 b8.01.9378
Symantec Client Security 1.0 b8.01.9374
Symantec Brightmail Anti-Spam 6.0.1
Symantec Brightmail Anti-Spam 6.0
Symantec AntiVirus/Filtering for Domino Ports 3.0.7
Symantec AntiVirus/Filtering for Domino Ports 3.0.6
Symantec AntiVirus/Filtering for Domino Ports 3.0.5
Symantec AntiVirus/Filtering for Domino NT 3.1.1
Symantec AntiVirus/Filtering for Domino NT 3.1
Symantec AntiVirus Scan Engine for Netapp NetCache 4.3 build 4.3.3
Symantec AntiVirus Scan Engine for Netapp Filer 4.3 build 4.3.3
Symantec AntiVirus Scan Engine for Microsoft Portal 4.3
Symantec AntiVirus Scan Engine for ISA 4.3 build 4.3.3
Symantec AntiVirus Scan Engine for Filers 4.3 build 4.3.3
Symantec AntiVirus Scan Engine for Bluecoat 4.3 build 4.3.3
Symantec AntiVirus Scan Engine 4.3.3
Symantec AntiVirus for SMTP 3.1.7
Symantec AntiVirus for SMTP 3.0 build 3.0.0.29
Symantec Antivirus for MS Office SharePoint Portal Server 2003
Symantec AntiVirus for Microsoft Office
Symantec AntiVirus for Handhelds Corporate Edition 3.0
Symantec AntiVirus for Handhelds 3.0 .0.194
Symantec AntiVirus for Handhelds 3.0
Symantec AntiVirus for Caching 4.3.3
Symantec AntiVirus Corporate Edition 9.0.3 .1000
Symantec AntiVirus Corporate Edition 9.0.2 .1000
Symantec AntiVirus Corporate Edition 9.0.1 .1.1000
Symantec AntiVirus Corporate Edition 9.0 .0.338
Symantec AntiVirus Corporate Edition 8.1.1 .366
Symantec AntiVirus Corporate Edition 8.1 .0.825a
Symantec AntiVirus Corporate Edition 8.0 1.9378
Symantec AntiVirus Corporate Edition 8.0 1.9374
Symantec AntiVirus Corporate Edition 8.0 1.501
Symantec AntiVirus Corporate Edition 8.0 1.429c
Symantec AntiVirus Corporate Edition 8.0 1.425a/b
Symantec AntiSpam for SMTP 3.1

Discussion

Symantec UPX Parsing Engine Remote Heap Overflow Vulnerability

Various Symantec products are reported prone to a remote heap overflow vulnerability. This issue affects the UPX Parsing Engine shipped with the products.

A successful attack may allow a remote attacker to execute arbitrary code on a vulnerable computer leading to a complete compromise.

Exploit / POC

Symantec UPX Parsing Engine Remote Heap Overflow Vulnerability

An exploit has been developed for this issue and is implemented in a licensed exploit scanner; users with a license will have access to the exploit, however Symantec is not aware of any freely available public exploit.

Solution / Fix

Symantec UPX Parsing Engine Remote Heap Overflow Vulnerability

Solution:
Symantec has released an updated security bulletin (SYM05-003); this updated bulletin contains further revisions to the vulnerable and non-vulnerable sections.

Symantec has released advisory SYM05-003 and updates to address this issue in affected applications. The updates may be automatically installed on vulnerable computers by running LiveUpdate for products that support LiveUpdate capability or from http://www.symantec.com/techsupp/ for other products.

References

Symantec UPX Parsing Engine Remote Heap Overflow Vulnerability

References:
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

Free CVE JSON API cve.report/api

CVE.report and Source URL Uptime Status status.cve.report