J-Security Center

Title: Symantec UPX Parsing Engine Remote Heap Overflow Vulnerability

Severity: CRITICAL

Description:

Various Symantec products are reported prone to a remote heap overflow vulnerability in the UPX Parsing Engine shipped with them. The engine, DEC2EXE, is used by Symantec products to parse UPX-compressed files. UPX is commonly used to pack malicious code in container files.

The issue exists because the application fails to perform boundary checks before copying user-supplied data into a sensitive heap buffer. A successful attack may allow a remote attacker to execute arbitrary code on a vulnerable computer.

An attacker can exploit this vulnerability by crafting a malicious UPX file and sending the file to an affected computer. The malformed file must contain excessive string values, replacement memory addresses, and arbitrary machine code that hijacks the vulnerable process's execution flow. If successful, the attacker may gain superuser-level access to a vulnerable computer.

Persistent attack attempts may also cause a denial-of-service condition.
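The boundary checks whose absence produces this class of heap overflow, shown as an added example; it is not Symantec's or Juniper's code. The `PKD0` container layout, the `unpack_checked` function and the `MAX_UNPACKED` cap are hypothetical and do not reflect the real UPX format or the DEC2EXE engine.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define MAX_UNPACKED (16u * 1024u * 1024u) /* policy cap (assumption) */

/* Hypothetical layout, NOT the real UPX format: magic "PKD0", LE u32
 * unpacked size, then records of {u8 run_length, u8 value}. */
static uint32_t rd_le32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Returns a malloc'd buffer of *out_len bytes, or NULL on malformed input. */
uint8_t *unpack_checked(const uint8_t *in, size_t in_len, size_t *out_len) {
    if (!in || !out_len || in_len < 8 || memcmp(in, "PKD0", 4) != 0) return NULL;
    uint32_t declared = rd_le32(in + 4);
    /* Check 1: never size a heap buffer from an unvalidated header field. */
    if (declared == 0 || declared > MAX_UNPACKED) return NULL;
    uint8_t *out = malloc(declared);
    if (!out) return NULL;
    size_t ip = 8, op = 0;
    while (ip < in_len) {
        /* Check 2: a record is two bytes; refuse a truncated one. */
        if (in_len - ip < 2) { free(out); return NULL; }
        size_t run = in[ip];
        uint8_t val = in[ip + 1];
        ip += 2;
        /* Check 3 (the one a heap overflow lacks): run must fit in what is left. */
        if (run == 0 || run > (size_t)declared - op) { free(out); return NULL; }
        memset(out + op, val, run);
        op += run;
    }
    /* Check 4: header and data must agree on the unpacked size. */
    if (op != declared) { free(out); return NULL; }
    *out_len = op;
    return out;
}

int main(void) {
    /* Constructed samples: both declare 4 bytes; `bad` carries a 200-byte run. */
    const uint8_t ok[]  = {'P','K','D','0', 4,0,0,0, 3,'A', 1,'B'};
    const uint8_t bad[] = {'P','K','D','0', 4,0,0,0, 200,'A'};
    size_t n = 0;
    uint8_t *p = unpack_checked(ok, sizeof ok, &n);
    int pass = p && n == 4 && unpack_checked(bad, sizeof bad, &n) == NULL;
    free(p);
    return pass ? 0 : 1;
}
```
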

Affected Products:

  • Symantec AntiVirus Corporate Edition 8.0.0 1
  • Symantec AntiVirus Corporate Edition 8.1.0 build 8.01.434
  • Symantec AntiVirus Corporate Edition 8.1.0 build 8.01.437
  • Symantec AntiVirus Corporate Edition 8.1.0 build 8.01.446
  • Symantec AntiVirus Corporate Edition 8.1.0 build 8.01.457
  • Symantec AntiVirus Corporate Edition 8.1.0 build 8.01.460
  • Symantec AntiVirus Corporate Edition 8.1.0 build 8.01.464
  • Symantec AntiVirus Corporate Edition 8.1.0 build 8.01.471
  • Symantec AntiVirus Corporate Edition 8.1.1
  • Symantec AntiVirus Corporate Edition 8.1.1 build 8.1.1.314a
  • Symantec AntiVirus Corporate Edition 8.1.1 build 8.1.1.319
  • Symantec AntiVirus Corporate Edition 8.1.1 build 8.1.1.323
  • Symantec AntiVirus Corporate Edition 8.1.1 build 8.1.1.329
  • Symantec AntiVirus Corporate Edition 9.0.0
  • Symantec AntiVirus Scan Engine 4.0.0
  • Symantec AntiVirus Scan Engine 4.3.0
  • Symantec AntiVirus Scan Engine for Bluecoat 4.0.0
  • Symantec AntiVirus Scan Engine for Bluecoat 4.3.0
  • Symantec AntiVirus Scan Engine for Caching 4.3.0
  • Symantec AntiVirus Scan Engine for Filers 4.3.0
  • Symantec AntiVirus Scan Engine for ISA 4.0.0
  • Symantec AntiVirus Scan Engine for ISA 4.3.0
  • Symantec AntiVirus Scan Engine for Netapp Filer 4.0.0
  • Symantec AntiVirus Scan Engine for Netapp Filer 4.3.0
  • Symantec AntiVirus Scan Engine for Netapp NetCache 4.0.0
  • Symantec AntiVirus Scan Engine for Netapp NetCache 4.3.0
  • Symantec AntiVirus for Caching
  • Symantec AntiVirus for Network Attached Storage
  • Symantec AntiVirus for SMTP 3.1.0
  • Symantec AntiVirus for SMTP 3.1.0 build 3.1.1
  • Symantec AntiVirus for SMTP 3.1.0 build 3.1.2
  • Symantec AntiVirus for SMTP 3.1.0 build 3.1.3
  • Symantec AntiVirus for SMTP 3.1.0 build 3.1.4
  • Symantec AntiVirus for SMTP 3.1.0 build 3.1.5
  • Symantec AntiVirus for SMTP 3.1.0 build 3.1.6
  • Symantec AntiVirus/Filtering for Domino NT 3.1.0
  • Symantec AntiVirus/Filtering for Domino Ports 3.0.0
  • Symantec AntiVirus/Filtering for Domino Ports 3.0.0 (AIX) build 3.0.5
  • Symantec AntiVirus/Filtering for Domino Ports 3.0.0 (Linux) build 3.0.5
  • Symantec AntiVirus/Filtering for Domino Ports 3.0.0 (OS400) build 3.0.5
  • Symantec Brightmail Anti-Spam 4.0.0
  • Symantec Brightmail Anti-Spam 5.5.0
  • Symantec Client Security 1.0.0
  • Symantec Client Security 1.0.1
  • Symantec Client Security 1.0.1 MR3 build 8.01.434
  • Symantec Client Security 1.0.1 MR4 build 8.01.446
  • Symantec Client Security 1.0.1 MR5 build 8.01.457
  • Symantec Client Security 1.0.1 MR6 build 8.01.460
  • Symantec Client Security 1.0.1 MR7 build 8.01.464
  • Symantec Client Security 1.0.1 MR8 build 8.01.471
  • Symantec Client Security 1.0.1 build 8.01.437
  • Symantec Client Security 1.1.1
  • Symantec Client Security 1.1.1 MR1 build 8.1.1.314a
  • Symantec Client Security 1.1.1 MR2 build 8.1.1.319
  • Symantec Client Security 1.1.1 MR3 build 8.1.1.323
  • Symantec Client Security 1.1.1 MR4 build 8.1.1.329
  • Symantec Client Security 1.1.1 MR5 build 8.1.1.336
  • Symantec Client Security 2.0.0
  • Symantec Gateway Security 5300 1.0.0
  • Symantec Gateway Security 5400 2.0.0
  • Symantec Gateway Security 5400 2.0.1
  • Symantec Mail Security for Domino 4.0.0 build 4.0.1
  • Symantec Mail Security for Microsoft Exchange 4.0.0
  • Symantec Mail Security for Microsoft Exchange 4.1.0 461
  • Symantec Mail Security for Microsoft Exchange 4.1.0 build 458
  • Symantec Mail Security for Microsoft Exchange 4.1.0 build 459
  • Symantec Mail Security for Microsoft Exchange 4.5.0
  • Symantec Mail Security for Microsoft Exchange 4.5.0 build 719
  • Symantec Mail Security for SMTP 4.0.0
  • Symantec Norton AntiVirus 2004
  • Symantec Norton AntiVirus for MS Exchange 2.1.0
  • Symantec Norton AntiVirus for Microsoft Exchange 2.18.0 build 83
  • Symantec Norton Antivirus 2004 for Macintosh
  • Symantec Norton Antivirus 8.0 for Macintosh
  • Symantec Norton Antivirus 9.0 for Macintosh
  • Symantec Norton Antivirus for Macintosh Corporate Edition 9.0.0
  • Symantec Norton Internet Security 2004 Professional Edition
  • Symantec Norton Internet Security 2004 for Macintosh
  • Symantec Norton Internet Security for Macintosh 2.0
  • Symantec Norton Internet Security for Macintosh 3.0
  • Symantec Norton System Works 2004 for Macintosh
  • Symantec Norton System Works 7.0 for Macintosh
  • Symantec Norton System Works for Macintosh 3.0
  • Symantec Norton SystemWorks 2004
  • Symantec Web Security 3.0.0
