Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: Symantec AV RAR library vulnerability SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Symantec AV RAR library vulnerability
Yesterday, Alex Wheeler released details of a vulnerability that appears to span many Symantec A/V products in the routines for decoded RAR compressed files.  Symantec is apparently working feverishly on a fix, but for the moment the recommendation is to disable scanning of these files (which I suppose is fine if we can convince the users not to open/uncompress them until Symantec has a fix or they can be scanned by some other A/V product) or block them completely at gateways/proxies.  We are not currently aware of exploits in the wild, but the concern is that this has occurred so close to the end-of-year holidays, even if a fix does come out in the next few days, will people be around to apply it.

For complete details see, the Bugtraq posting, the Secunia advisory, and what I believe is Alex's paper.

We'll bring you more info as it becomes available.

Jim Clausing, jclausing at

416 Posts
ISC Handler
Dec 21st 2005

Sign Up for Free or Log In to start participating in the conversation!