Yesterday, Alex Wheeler released details of a vulnerability that appears to span many Symantec A/V products in the routines for decoded RAR compressed files. Symantec is apparently working feverishly on a fix, but for the moment the recommendation is to disable scanning of these files (which I suppose is fine if we can convince the users not to open/uncompress them until Symantec has a fix or they can be scanned by some other A/V product) or block them completely at gateways/proxies. We are not currently aware of exploits in the wild, but the concern is that this has occurred so close to the end-of-year holidays, even if a fix does come out in the next few days, will people be around to apply it.
For complete details see, the Bugtraq posting, the Secunia advisory, and what I believe is Alex's paper. We'll bring you more info as it becomes available. ---------------------- Jim Clausing, jclausing at isc.sans.org I will be teaching next: Malware Reverse-Engineering Challenge - SANS San Antonio 2020 |
Jim 412 Posts ISC Handler |
Subscribe |
Dec 21st 2005 1 decade ago |
Sign Up for Free or Log In to start participating in the conversation!