Computer Security
[EN] securityvulns.ru no-pyccku


Symantec Antivirus multiple buffer overflows
Published:13.07.2007
Source:
SecurityVulns ID:7930
Type:remote
Threat Level:
7/10
Description:Buffer overflows on CAB, RAR archives parsing.
CVE:CVE-2007-3699 (The Decomposer component in multiple Symantec products allows remote attackers to cause a denial of service (infinite loop) via a certain value in the PACK_SIZE field of a RAR archive file header.)
 CVE-2007-0447 (Heap-based buffer overflow in the Decomposer component in multiple Symantec products allows remote attackers to execute arbitrary code via multiple crafted CAB archives.)
Original documentdocument3COM, [Full-disclosure] ZDI-07-040: Symantec AntiVirus Engine CAB Parsing Heap Overflow Vulnerability (13.07.2007)
 documentZDI, [Full-disclosure] ZDI-07-039: Symantec AntiVirus Engine RAR File Parsing DoS Vulnerability (13.07.2007)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod