Last Updated: 2016-05-17 19:23:19 UTC
by Manuel Humberto Santander Pelaez (Version: 1)
More vulnerabilities! This time the Symantec Antivirus engine. There is a buffer overflow that can be triggered by malformed PE executables is the SizeofRawData PE attribute is greater than SizeofImage PE attribute. Exploiting this bug will give the attacker root in UNIX and kernel memory corruption in Windows being able to execute anything with maximum privileges. This bug can be dangerous because the PE malformation is not usually checked within Antivirus, Host IPS platform or proxies.
You should patch this vulnerability ASAP with Symantec Antivirus Engine 2018.104.22.168. Red the full Symantec Advisory here.
We are unaware of exploits in the wild for this vulnerability. If you notice one, please let us know by our contact form.