HTTP: Symantec AntiVirus RAR Archive Decompression Buffer Overflow

This signature detects attempts to exploit a known vulnerability in Symantec AntiVirus. A successful attack could allow the attacker to execute arbitrary code on the targeted system. Failed exploit attempts could result in a denial of service condition.

Extended Description

The Symantec antivirus library is prone to multiple heap-based buffer-overflow vulnerabilities in its RAR archive decompression routines. Attackers could exploit these vulnerabilities to compromise computers running applications that use the affected library. The issue may affect all platforms running such applications, including the Microsoft Windows and Mac OS X releases. Symantec is currently investigating this issue. Note that the issue could also affect third-party applications that include the library.

Affected Products

Symantec gateway_security_400, Symantec antivirus/filtering_for_domino_ports

Short Name
HTTP:STC:DL:SYM-AV-RAR-BO
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
AntiVirus Archive Buffer CVE-2005-4438 Decompression Overflow RAR Symantec bid:15971
Release Date
09/17/2010
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3339
False Positive
Unknown
Vendors

Symantec

CVSS Score

7.5
