Holes in Symantec Mail Security products
Symantec's Mail Security for Exchange, Domino, and SMTP contain a number of vulnerabilities in the parsing of files that can reportedly be exploited to compromise a system. According to Secunia, the problem is based on the same flaws recently reported in Lotus Notes: in File Viewer, manipulated documents provoke a buffer overflow that allows code to be copied onto the stack and executed.
Both Symantec's and IBM's File Viewer are reportedly based on Verity Keyview SDK, in which the files/modules mifsr.dll, awsr.dll, kpagrdr.dll, exesr.dll, rtfsr.dll, mwsr.dll and exesr.dll are reportedly vulnerable. However, the product has to be configured to analyze Word or FrameMaker attachments for the flaws to be exploited. The problem was quietly patched for Windows, Linux, and Solaris versions with patch 181 and 182 for version 5.0.1 of Mail Security for SMTP. On the other hand, there are no updates for the vulnerable Exchange version 220.127.116.113 and Domino version 18.104.22.168. Version 6 of Mail Security for Exchange is, however, available, though it is not clear whether this version is also vulnerable.
- Symantec Mail Security for Exchange File Parsing Vulnerabilities, Secunia's security advisory
- Buffer overflow vulnerability in Lotus Notes file viewers (.wpd, .sam, .doc, and .mif) , IBM's security advisory