ISS X-Force's Symantec RAR File Parser Remote Heap Overflow analysis says "The likelihood of this vulnerability being leveraged by a worm is low as successful exploitation requires a very large RAR file, in the area of 35-40MB. Files this large are not generally passed by mail servers and can eliminate this as a vector for a worm. X-Force believes this is still a serious threat since the vulnerability can be leveraged to exploit AV mail gateways. Desktops which employ the on-demand scanning function could also be exploited without user intervention when scanning files downloaded by FTP or HTTP on the desktop."
Thank you for the information X-Force! Symantec's announcement - SYM05-027, December 21, 2005, Symantec AntiVirus Decomposition Buffer Overflow |
Patrick 193 Posts Dec 23rd 2005 |
Thread locked Subscribe |
Dec 23rd 2005 1 decade ago |
Sign Up for Free or Log In to start participating in the conversation!