SANS ISC: Symantec AV RAR library vulnerability - SANS Internet Storm Center SANS ISC InfoSec Forums


Symantec AV RAR library vulnerability
Yesterday, Alex Wheeler released details of a vulnerability that appears to span many Symantec A/V products in the routines for decoding RAR compressed files. Symantec is apparently working feverishly on a fix, but for the moment the recommendation is to disable scanning of these files (which I suppose is fine if we can convince the users not to open/uncompress them until Symantec has a fix or they can be scanned by some other A/V product) or block them completely at gateways/proxies. We are not currently aware of exploits in the wild, but the concern is that this has occurred so close to the end-of-year holidays: even if a fix does come out in the next few days, will people be around to apply it?

For complete details, see the Bugtraq posting, the Secunia advisory, and what I believe is Alex's paper.

We'll bring you more info as it becomes available.

----------------------
Jim Clausing, jclausing at isc.sans.org