Vulnerability Note VU#305272
Symantec RAR decompression library contains multiple heap overflows
The Symantec RAR decompression library Dec2RAR.dll contains multiple heap buffer overflows. Using a specially crafted RAR archive, a remote attacker could execute arbitrary code or cause a denial of service.
Symantec AntiVirus and other security products use a library to decompress and scan inside RAR archives. This library, Dec2RAR.dll, contains multiple heap buffer overflows. A remote attacker could exploit these vulnerabilities by causing a Symantec product to scan a specially crafted RAR archive. The attacker could accomplish this in a number of ways, including hosting the archive on a web site, sending it as an email attachment, or providing it on a file system or network share.
The vulnerable library exists in Symantec products that run on Microsoft Windows platforms and may be present in OEM versions or other software based on Symantec code. Please see Symantec AntiVirus Decomposition Buffer Overflow (SYM05-027) for further information, including a list of affected products.
A remote attacker could execute arbitrary code or cause a denial of service. Since many scanning processes run with Local System privileges, the attacker could take complete control of a vulnerable system.
Systems Affected

|Vendor|Status|Date Notified|Date Updated|
|---|---|---|---|
|Symantec, Inc.|Affected|20 Dec 2005|24 Dec 2005|
This vulnerability was publicly reported by rem0te.com. The rem0te.com advisory credits Alex Wheeler.
This document was written by Art Manion.
- CVE IDs: CVE-2005-4438
- Date Public: 20 Dec 2005
- Date First Published: 21 Dec 2005
- Date Last Updated: 29 Dec 2005
- Severity Metric: 21.26
- Document Revision: 10