Symantec Patches High-Risk Vulnerability | eWeek

Symantec Patches High-Risk Vulnerability

Écrit par
Ryan Naraine
Ryan Naraine
Feb 9, 2005
2 minute read
eWeek Le contenu et les recommandations de produits sont indépendants de la rédaction. Nous pouvons gagner de l'argent lorsque vous cliquez sur des liens vers nos partenaires. En savoir plus

Network security specialist Symantec Corp. has confirmed a high-risk vulnerability in multiple anti-virus and anti-spam products and warned that a successful exploit could lead to code execution attacks.

The vulnerability, which was reported by Internet Security Systems Inc.s X-Force unit, is described as a boundary error in the DEC2EXE parsing engine used in versions of the Symantec scan engine.

“The vulnerable DEC2EXE engine contained a heap overflow that could be initiated by sending a specifically crafted UPX file that would be parsed by the vulnerable DEC2EXE engine. If successfully exploited, the attack could potentially result in remote arbitrary code execution and possible compromise of the targeted system,” Symantec said in a security advisory.

In response, the Cupertino, Calif.-based company has discontinued use of the DEC2EXE engine, which is no longer required to parse compressed files. Symantec officials said the company had already deleted the vulnerable engine from the majority of its products and had planned to complete the removal from all affected product lines during upcoming maintenance updates.

A separate alert from ISS X-Force said the flaw affects all products that depend on the Symantec AntiVirus Library to push out anti-virus capabilities to desktops, servers and enterprise gateway systems.

“Several large vendors and ISPs implement Symantecs AntiVirus Library in their products. By crafting a UPX file, an attacker is able to trigger a heap overflow within the process importing the Symantec AntiVirus Library,” ISS X-Force said in the alert.

The flaw affects multiple enterprise and consumer product lines, ranging from Norton AntiVirus, Symantec Mail Security, AntiVirus/Filtering, Symantec Web Security, Symantec BrightMail AntiSpam and Symantec AntiVirus Corporate Edition.

/zimages/2/28571.gifClick hereto read about high-risk security holes in Symantecs Nexland Firewall appliances.

The company has published a complete list of affected and non-affected products.

Symantec has also posted hotfixes to address this issue for the affected Symantec Gateway Security 5300 and 5400 Series appliances. The fix removes the legacy DEC2EXE engine from the affected products and upgrades the scan engine to a new version.

Product specific hotfixes are available through the Symantec Enterprise Support site.

/zimages/2/28571.gifCheck out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Propriété de TechnologyAdvice. © 2026 TechnologyAdvice. Tous droits réservés

Divulgation publicitaire : Certains des produits qui apparaissent sur ce site proviennent d'entreprises dont TechnologyAdvice reçoit une compensation. Cette compensation peut influencer la façon dont les produits apparaissent sur ce site, notamment l'ordre dans lequel ils apparaissent. TechnologyAdvice n'inclut pas toutes les entreprises ou tous les types de produits disponibles sur le marché.