Symantec AntiVirus Malformed CAB and RAR Compression Remote Vulnerabilities
BID:24282
Info
Symantec AntiVirus Malformed CAB and RAR Compression Remote Vulnerabilities
| Bugtraq ID: | 24282 |
| Class: | Unknown |
| CVE: |
CVE-2007-0447 CVE-2007-3699 |
| Remote: | Yes |
| Local: | No |
| Published: | Jul 11 2007 12:00AM |
| Updated: | Mar 19 2015 08:49AM |
| Credit: | 3Com and the Zero-Day Initiative are credited with discovery. |
| Vulnerable: |
Symantec Web Security for Microsoft ISA 2004 5.0 Symantec Web Security 3.0.1 build 3.01.68 Symantec Web Security 3.0.1 build 3.01.67 Symantec Web Security 3.0.1 build 3.01.63 Symantec Web Security 3.0.1 build 3.01.62 Symantec Web Security 3.0.1 build 3.01.61 Symantec Web Security 3.0.1 build 3.01.60 Symantec Web Security 3.0.1 build 3.01.59 Symantec Web Security 3.0.1 build 3.0.1.74 Symantec Web Security 3.0.1 build 3.0.1.72 Symantec Web Security 3.0.1 build 3.0.1.70 Symantec Web Security 3.0.1 .76 Symantec Web Security 3.0.1 .70 Symantec Web Security 3.0.1 Build 62 Symantec Web Security 3.0.1 Symantec Web Security 3.0 Symantec Web Security 2.5 Symantec Symantec AntiVirus Scan Engine for Microsoft ISA 4.3.12 Symantec Norton SystemWorks 2006 0 Symantec Norton SystemWorks 2005 0 Symantec Norton SystemWorks 2004 Symantec Norton System Works for Macintosh 3.0 Symantec Norton System Works 2006 Symantec Norton System Works 2005 Premier Symantec Norton System Works 2005 11.0.9 Symantec Norton System Works 2005 11.0 Symantec Norton System Works 2005 Premier Symantec Norton System Works 2005 0 Symantec Norton Personal Firewall 2006 9.1.1 .7 Symantec Norton Personal Firewall 2006 9.1 .33 Symantec Norton Personal Firewall 2006 Symantec Norton Internet Security for Macintosh 3.0 Symantec Norton Internet Security 2006 Professional Edition Symantec Norton Internet Security 2006 0 Symantec Norton Internet Security 2005 Professional Edition Symantec Norton Internet Security 2005 11.5.6 .14 Symantec Norton Internet Security 2005 11.0.9 Symantec Norton Internet Security 2005 11.0 Symantec Norton Internet Security 2005 Symantec Norton Internet Security 2004 Professional Edition Symantec Norton Internet Security 2004 Symantec Norton Antivirus for Macintosh 10.9.1 Symantec Norton Antivirus for Macintosh 10.0.1 Symantec Norton Antivirus for Macintosh 10.0 .0 Symantec Norton Antivirus for Macintosh 9.0.3 Symantec Norton Antivirus for Macintosh 9.0.2 Symantec Norton Antivirus for Macintosh 9.0.1 Symantec Norton Antivirus for Macintosh 9.0 .0 Symantec Norton Antivirus 9.0 for Macintosh Symantec Norton AntiVirus 2006 Symantec Norton AntiVirus 2005 Professional Edition Symantec Norton AntiVirus 2005 11.0.9 Symantec Norton AntiVirus 2005 11.0 Symantec Norton AntiVirus 2005 Symantec Norton AntiVirus 2004 Professional Edition Symantec Norton AntiVirus 2004 Symantec Mail Security for SMTP 5.0.1 Symantec Mail Security for SMTP 5.0 Symantec Mail Security for Microsoft Exchange 6.0 Symantec Mail Security for Microsoft Exchange 5.0 Symantec Mail Security for Microsoft Exchange 4.6.3 Symantec Mail Security for Microsoft Exchange 4.6 build 97 Symantec Mail Security for Microsoft Exchange 4.6 build 4.6.1.107 Symantec Mail Security for Microsoft Exchange 4.5 build 719 Symantec Mail Security for Microsoft Exchange 4.5 build 4.5.4.743 Symantec Mail Security for Microsoft Exchange 4.5 build 743 Symantec Mail Security for Microsoft Exchange 4.5 build 741 Symantec Mail Security for Microsoft Exchange 4.5 build 736 Symantec Mail Security for Microsoft Exchange 4.5 Symantec Mail Security for Microsoft Exchange 4.1 build 459 Symantec Mail Security for Microsoft Exchange 4.1 build 458 Symantec Mail Security for Microsoft Exchange 4.1 461 Symantec Mail Security for Microsoft Exchange 4.0 build 743 Symantec Mail Security for Microsoft Exchange 4.0 build 741 Symantec Mail Security for Microsoft Exchange 4.0 build 736 Symantec Mail Security for Microsoft Exchange 4.0 build 465 Symantec Mail Security for Microsoft Exchange 4.0 build 463 Symantec Mail Security for Microsoft Exchange 4.0 build 456 Symantec Mail Security for Microsoft Exchange 4.0 Symantec Mail Security for Microsoft Exchange 5.0.0.024 Symantec Mail Security for Domino 5.1 Symantec Mail Security for Domino 5.0 .47 Symantec Mail Security for Domino 4.1.4 Symantec Mail Security for Domino 4.1 Symantec Mail Security for Domino 4.0.1 Symantec Mail Security for Domino 4.0 build 4.0.1 Symantec Mail Security for Domino 4.0 Symantec Mail Security for Domino 5.1.2.28 Symantec Mail Security 8200 Series Appliance Symantec Gateway Security 5400 2.0.1 Symantec Gateway Security 5000 Series 3.0.1 Symantec Client Security 3.1 .401 Symantec Client Security 3.1 .400 Symantec Client Security 3.1 .396 Symantec Client Security 3.1 .394 Symantec Client Security 3.0.2 .2021 Symantec Client Security 3.0.2 .2020 Symantec Client Security 3.0.2 .2011 Symantec Client Security 3.0.2 .2010 Symantec Client Security 3.0.2 .2002 Symantec Client Security 3.0.2 .2001 Symantec Client Security 3.0.2 .2000 Symantec Client Security 3.0 Symantec Client Security 2.0.6 MR6 Symantec Client Security 2.0.5 build 1100 Symantec Client Security 2.0.4 MR4 build 1000 Symantec Client Security 2.0.4 Symantec Client Security 2.0.3 MR3 b9.0.3.1000 Symantec Client Security 2.0.2 MR2 b9.0.2.1000 Symantec Client Security 2.0.1 MR1 b9.0.1.1000 Symantec Client Security 2.0 STM build 9.0.0.338 Symantec Client Security 2.0 (SCF 7.1) Symantec Client Security 2.0 Symantec Client Security 3.1 Symantec Client Security 3.0.1.1008 Symantec Client Security 3.0.1.1007 Symantec Client Security 3.0.1.1001 Symantec Client Security 3.0.1.1000 Symantec Client Security 3.0.0.359 Symantec Brightmail Anti-Spam 6.0.4 Symantec Brightmail Anti-Spam 6.0.3 Symantec Brightmail Anti-Spam 6.0.2 Symantec Brightmail Anti-Spam 6.0.1 Symantec Brightmail Anti-Spam 6.0 Symantec Brightmail Anti-Spam 5.5 Symantec Brightmail Anti-Spam 4.0 Symantec AntiVirus/Filtering for Domino MPE 3.0.12 Symantec AntiVirus Scan Engine for Network Attached Storage 4.3.12 Symantec AntiVirus Scan Engine for Network Attached Storage 4.3 Symantec AntiVirus Scan Engine for Microsoft SharePoint 4.3.12 Symantec AntiVirus Scan Engine for Microsoft SharePoint 4.3 Symantec AntiVirus Scan Engine for Messaging 4.3.12 Symantec AntiVirus Scan Engine for Clearswift 4.3.12 Symantec AntiVirus Scan Engine for Clearswift 4.3 Symantec AntiVirus Scan Engine for Clearswift 4.0 Symantec AntiVirus Scan Engine for Caching 4.3.12 Symantec AntiVirus Scan Engine for Caching 4.3 Symantec AntiVirus Scan Engine 5.0.1 Symantec AntiVirus Scan Engine 4.3.12 Symantec AntiVirus Scan Engine 4.3.3 Symantec AntiVirus Scan Engine 4.3 build 4.3.8.29 Symantec AntiVirus Scan Engine 4.3 build 4.3.7.27 Symantec AntiVirus Scan Engine 4.3 build 4.3.3 Symantec AntiVirus Scan Engine 4.3 Symantec AntiVirus Scan Engine 4.1.8 Symantec AntiVirus Scan Engine 4.1 Symantec AntiVirus Scan Engine 4.0 Symantec AntiVirus Scan Engine 5.0 Symantec AntiVirus for Macintosh 10.0 Symantec AntiVirus Corporate Edition for Linux 0 Symantec AntiVirus Corporate Edition 10.1.4 MR4 MP1 - build 4010 Symantec AntiVirus Corporate Edition 10.1.4 Symantec AntiVirus Corporate Edition 10.1 .401 Symantec AntiVirus Corporate Edition 10.1 .400 Symantec AntiVirus Corporate Edition 10.1 .396 Symantec AntiVirus Corporate Edition 10.1 .394 Symantec AntiVirus Corporate Edition 10.0.2 .2021 Symantec AntiVirus Corporate Edition 10.0.2 .2020 Symantec AntiVirus Corporate Edition 10.0.2 .2011 Symantec AntiVirus Corporate Edition 10.0.2 .2010 Symantec AntiVirus Corporate Edition 10.0.2 .2002 Symantec AntiVirus Corporate Edition 10.0.2 .2001 Symantec AntiVirus Corporate Edition 10.0.2 .2000 Symantec AntiVirus Corporate Edition 10.0 Symantec AntiVirus Corporate Edition 9.0.5 .1100 Symantec AntiVirus Corporate Edition 9.0.5 Symantec AntiVirus Corporate Edition 9.0.4 MR4 build 1000 Symantec AntiVirus Corporate Edition 9.0.4 Symantec AntiVirus Corporate Edition 9.0.3 .1000 Symantec AntiVirus Corporate Edition 9.0.2 .1000 Symantec AntiVirus Corporate Edition 9.0.1 .1.1000 Symantec AntiVirus Corporate Edition 9.0 .0.338 Symantec AntiVirus Corporate Edition 9.0 Symantec AntiVirus Corporate Edition 9.0.6.1000 Symantec AntiVirus Corporate Edition 10.1.4.4010 Symantec AntiVirus Corporate Edition 10.1 Symantec AntiVirus Corporate Edition 10.0.1.1008 Symantec AntiVirus Corporate Edition 10.0.1.1007 Symantec AntiVirus Corporate Edition 10.0.1.1000 Symantec AntiVirus Corporate Edition 10.0.0.359 |
| Not Vulnerable: |
Symantec Web Security for Microsoft ISA 2004 5.0.3 Symantec Web Security 3.0.1 .85 Symantec Mail Security for SMTP 5.0.1 Patch 181 Symantec Mail Security for Microsoft Exchange 6.0.0.1 Symantec Mail Security for Microsoft Exchange 5.0.6.368 Symantec Mail Security for Microsoft Exchange 4.6.8.120 Symantec Mail Security for Domino 5.1.4.32 Symantec Mail Security for Domino 4.1.9.37 Symantec Mail Security Appliance 5.0.0.24 Symantec Gateway Security 5400 3.0.1 Symantec Client Security 3.1.4 MR4 MP1 - build 4010 Symantec Client Security 2.0.6 MR6 MP1 - build 1100 Symantec Client Security 3.1.6.6000 Symantec Client Security 3.1 MR6 Symantec Client Security 2.0 MR6 MP1 Symantec Brightmail Anti-Spam 6.0.5 Symantec AntiVirus/Filtering for Domino MPE 3.2.2.27 Symantec AntiVirus Scan Engine for Microsoft SharePoint 4.3.17 Symantec AntiVirus Scan Engine for Messaging 4.3.17 Symantec AntiVirus Scan Engine for ISA 4.3.17 Symantec AntiVirus Scan Engine for Clearswift 4.3.17 Symantec AntiVirus Scan Engine for Caching 4.3.17 Symantec AntiVirus Scan Engine 4.3.17 Symantec AntiVirus Scan Engine 5.1.4.24 Symantec AntiVirus Scan Engine 4.3.18.43 Symantec AntiVirus Corporate Edition 9.0.6 MR6 MP1 - build 1100 Symantec AntiVirus Corporate Edition 10.1.6.6000 Symantec AntiVirus Corporate Edition 10.1 MR6 |
Discussion
Symantec AntiVirus Malformed CAB and RAR Compression Remote Vulnerabilities
Symantec AntiVirus products that include the Symantec Decomposer are prone to multiple remote vulnerabilities related to the handling of CAB and RAR archives. These issues include a denial-of-service vulnerability and a buffer-overflow vulnerability.
Successfully exploiting these issues allows remote attackers to execute arbitrary machine code with SYSTEM-level privileges or to cause the affected application to enter an infinite loop, resulting in a denial-of-service condition.
Symantec AntiVirus products that include the Symantec Decomposer are prone to multiple remote vulnerabilities related to the handling of CAB and RAR archives. These issues include a denial-of-service vulnerability and a buffer-overflow vulnerability.
Successfully exploiting these issues allows remote attackers to execute arbitrary machine code with SYSTEM-level privileges or to cause the affected application to enter an infinite loop, resulting in a denial-of-service condition.
Exploit / POC
Symantec AntiVirus Malformed CAB and RAR Compression Remote Vulnerabilities
Currently we are not aware of any exploits for these issues. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Currently we are not aware of any exploits for these issues. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Symantec AntiVirus Malformed CAB and RAR Compression Remote Vulnerabilities
Solution:
The vendor released an advisory and updates to address this issue. To update consumer products, run LiveUpdate in Interactive Mode. For Mac consumer products, install definitions released after 10/1/2006.
Please refer to the advisory for a complete list of affected products and applicable updates.
Solution:
The vendor released an advisory and updates to address this issue. To update consumer products, run LiveUpdate in Interactive Mode. For Mac consumer products, install definitions released after 10/1/2006.
Please refer to the advisory for a complete list of affected products and applicable updates.
References
Symantec AntiVirus Malformed CAB and RAR Compression Remote Vulnerabilities
References:
References:
- Symantec Homepage (Symantec Corp.)
- SYM07-019 Symantec AntiVirus Malformed RAR and CAB Compression Type Bypass (Symantec)
- ZDI-07-039 - Symantec AntiVirus Engine RAR File Parsing DoS Vulnerability (Zero Day Initiative)
- ZDI-07-040 - Symantec AntiVirus Engine CAB Parsing Heap Overflow Vulnerability (Zero Day Initiative)