Security update for several Symantec antivirus products
Symantec has released an update for a number of its antivirus products to correct two vulnerabilities in the Symantec Scan Engine when handling RAR files. The Scan Engine is a standalone scanner that communicates with other programs across a network. It listens on TCP port 1344 and accepts files for scanning using the Internet Content Adaptation Protocol (ICAP).
According to the advisory, malformed RAR files can trigger a buffer overflow that could allow arbitrary code to be written to and executed on the computer running the Scan Engine. A second vulnerability can cause excessive memory usage, leading to system instability. The problem affects Symantec Scan Engine up to and including Version 18.104.22.168, which is incorporated in many server-based products; a full list is given in the advisory.
The update is already being distributed via LiveUpdate.
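For inventorying your own hosts ahead of patching, the following added example (not part of the original article or any Symantec tooling) sends an ICAP OPTIONS request, as defined in RFC 3507, to the port named above and extracts the headers that identify the listener. The service path `avscan` and the sample response are assumptions constructed for illustration.

```python
import socket

ICAP_PORT = 1344  # port the article gives for the Scan Engine

def build_options_request(host, service="avscan"):
    """ICAP OPTIONS request (RFC 3507). 'avscan' is an assumed service path."""
    return (f"OPTIONS icap://{host}:{ICAP_PORT}/{service} ICAP/1.0\r\n"
            f"Host: {host}\r\n\r\n").encode("ascii")

def parse_options_response(raw):
    """Return status and identifying headers from an ICAP response head."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    parts = lines[0].split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("ICAP/") or not parts[1].isdigit():
        raise ValueError("not an ICAP response")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return {"status": int(parts[1]),
            "service": headers.get("service"),
            "istag": headers.get("istag"),
            "methods": headers.get("methods")}

def probe(host, timeout=3.0):
    """Query one of your own hosts; None means no ICAP listener answered."""
    try:
        with socket.create_connection((host, ICAP_PORT), timeout=timeout) as s:
            s.sendall(build_options_request(host))
            data = b""
            while b"\r\n\r\n" not in data and len(data) < 65536:
                chunk = s.recv(4096)
                if not chunk:
                    break
                data += chunk
        return parse_options_response(data)
    except (OSError, ValueError):
        return None

# Constructed sample response (not captured from a real Scan Engine).
SAMPLE = (b"ICAP/1.0 200 OK\r\n"
          b"Methods: RESPMOD\r\n"
          b"Service: Example Scan Engine/0.0.0.0\r\n"
          b'ISTag: "constructed-tag"\r\n'
          b"Encapsulated: null-body=0\r\n\r\n")

if __name__ == "__main__":
    print(parse_options_response(SAMPLE))
```

A host that answers on this port from outside the segment of the products that submit files to it is worth restricting at the firewall regardless of patch level.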
- Symantec Scan Engine 5.1.2 RAR File Denial of Service Vulnerability, iDefense security advisory
- Symantec Scan Engine 5.1.2 RAR File Buffer Overflow Vulnerability, iDefense security advisory
- Symantec Decomposer: Multiple Denial of Service Vulnerabilities, Symantec security advisory