Thursday, December 22, 2005

Yet another Bunch of Heap!

Just like Microsoft, Symantec reposts that a Flaw reported in Symantec anti-virus software give possibility that users could be open to an attack from a remote hacker thanks to a newly-discovered vulnerability. Independent security researcher Alex Wheeler found that Symantec Antivirus Library can be overwhelmed by "heap overflows" while decompressing a RAR file. The Symantec Antivirus Library provides file format support for virus analysis. During decompression of RAR files Symantec is vulnerable to multiple heap overflows allowing attackers complete control of the system(s) being protected. These vulnerabilities can be exploited remotely without user interaction in default configurations through common protocols such as SMTP (by Default is port 25). This vulnerability affects a substantial portion of Symantec’s gateway, server, & client antivirus-enabled product lines on most platforms. It's recommended to disable scanning of RAR compressed files until the vulnerable code is fixed.

Remember if you don't know the sender Don't Open it, Simply delete the email along with the file.

In the past Alex Wheeler has found other Heap Overflows with-in Panda, Sophos, KASPERSKY, Clamav, COMPUTER ASSOCIATES VET AV, and NOVELL ZENWORKS. Check out his website with his research at

The company plans to update the Antivirus Software Library to fix the vulnerability, and details about that update have been posted to Symantec's Security Response ( No exploits using the vulnerability have been reported to Symantec as of midday Wednesday.

(Image Source:

Researcher: Alex Wheeler

No comments: