Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

[SNS Advisory No.61] Symantec Norton AntiVirus 2002 Buffer Overflow Vulnerability

0 views
Skip to first unread message

sns...@lac.co.jp

unread,
Feb 19, 2003, 10:52:46 PM2/19/03
to
[Moderator note: This post was withheld, with permission from SNS, to ensure that
the issue was resolved completely. ]

----------------------------------------------------------------------
SNS Advisory No.61
Symantec Norton AntiVirus 2002 Buffer Overflow Vulnerability

Problem first discovered: Thu, 26 Dec 2002
Published: Wed, 19 Feb 2003
Reference: http://www.lac.co.jp/security/english/snsadv_e/61_e.html
----------------------------------------------------------------------

Overview:
---------
The e-mail scanning function in Symantec Norton AntiVirus 2002 may cause
a Buffer Overflow.

Problem Description:
--------------------
The e-mail scanning function in Symantec Norton AntiVirus 2002 will cause
a Buffer Overflow when it receives an e-mail message with a compressed file
which includes a file with an unusually long filename.

An attacker could exploit this problem to execute arbitrary code with the
privilege of the currently logged on user.


Tested Versions:
----------------
Symantec Norton AntiVirus 2002 (version 8.07.17C)

Tested OS:
----------
Windows 2000 Professional Japanese Edition + Windows 2000 Service Pack 3

Solution:
---------
Update AntiVirus 2002 by using LiveUpdate.

Discovered by:
--------------
ARAI Yuu y.a...@lac.co.jp

Acknowledgements:
-----------------
Thanks to:
Symantec Security Response

Disclaimer:
-----------
All information in these advisories are subject to change without any
advanced notices neither mutual consensus, and each of them is released
as it is. LAC Co.,Ltd. is not responsible for any risks of occurrences
caused by applying those information.

------------------------------------------------------------------
Secure Net Service(SNS) Security Advisory <sns...@lac.co.jp>
Computer Security Laboratory, LAC http://www.lac.co.jp/security/

0 new messages