CVE-2005-0249
CVSS7.5
发布时间 :2005-02-08 00:00:00
修订时间 :2008-09-05 16:45:45
NMCOS    

[原文]Heap-based buffer overflow in the DEC2EXE module for Symantec AntiVirus Library allows remote attackers to execute arbitrary code via a UPX compressed file containing a negative virtual offset to a crafted PE header.


[CNNVD]Symantec AntiVirus UPX文件解析库堆溢出漏洞(CNNVD-200502-011)

        Symantec Antivirus库用于解析不同文件格式以检测恶意程序,其中一个模块DEC2EXE用于检测UPX文件格式。
        Symantec Antivirus库用于检测UPX文件的模块对虚拟文件偏移缺少正确处理,远程攻击者可以利用这个漏洞构建恶意UPX文件,诱使用户处理,可能以用户进程权限在系统上执行任意指令。
        在UPX解压缩前,当重构PE头时不正确检查虚拟文件偏移,攻击者可以提供一个负的虚拟偏移给特殊构建的PE头,在后续的边界计算时,使用这个整数值作拷贝操作,可导致一个堆溢出。攻击者可以发送一个包含恶意UPX文件的EMAIL给使用Symantec AntiVirus库处理的目标用户,可导致发生堆溢出,精心构建PE头数据可能以进程权限在系统上执行任意指令。

- CVSS (基础分值)

CVSS分值: 7.5 [严重(HIGH)]
机密性影响: PARTIAL [很可能造成信息泄露]
完整性影响: PARTIAL [可能会导致系统文件被修改]
可用性影响: PARTIAL [可能会导致性能下降或中断资源访问]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: [--]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

cpe:/a:symantec:antivirus_scan_engine:4.3.3::filers
cpe:/a:symantec:client_security:1.0.1_build_8.01.437Symantec Symantec Client Security 1.0.1 build 8.01.437
cpe:/a:symantec:norton_antivirus:9.0::macintosh_corporate
cpe:/a:symantec:gateway_security:2.0.1
cpe:/a:symantec:mail_security:4.1:build_461:exchange
cpe:/a:symantec:norton_antivirus:9.0::macintosh_osx
cpe:/a:symantec:mail_security:4.0::domino
cpe:/a:symantec:web_security:3.01.61Symantec Symantec Web Security 3.0.1.61
cpe:/a:symantec:antivirus_scan_engine:4.0::netapp_filer
cpe:/a:symantec:mail_security:4.5_build_719::exchangeSymantec Mail Security 4.5 build719 Exchange
cpe:/a:symantec:norton_antivirus:8.01.434::corporate
cpe:/a:symantec:antivirus_scan_engine:3.1.2
cpe:/a:symantec:sav_filter_domino_nt_ports:build3.0.5::aix
cpe:/a:symantec:brightmail_antispam:5.5Symantec BrightMail AntiSpam 5.5
cpe:/a:symantec:antivirus_scan_engine:4.3.3::bluecoat
cpe:/a:symantec:web_security:3.01.68Symantec Symantec Web Security 3.0.1.68
cpe:/a:symantec:web_security:3.01.59Symantec Symantec Web Security 3.0.1.59
cpe:/a:symantec:mail_security:4.0.2::smtp
cpe:/a:symantec:client_security:1.0.1_build_8.01.457:mr5Symantec Symantec Client Security 1.0.1 MR5 build 8.01.457
cpe:/a:symantec:antivirus_scan_engine:4.0::bluecoat
cpe:/a:symantec:antivirus_scan_engine:3.1.4
cpe:/a:symantec:antivirus_scan_engine:4.3.3::caching
cpe:/a:symantec:client_security:1.0.1_build_8.01.434:mr3Symantec Symantec Client Security 1.0.1 MR3 build 8.01.434
cpe:/a:symantec:client_security:1.1.1_mr2_build_8.1.1.319
cpe:/a:symantec:client_security:1.0.1_build_8.01.446:mr4Symantec Symantec Client Security 1.0.1 MR4 build 8.01.446
cpe:/a:symantec:norton_antivirus:8.1.1.319::corporate
cpe:/a:symantec:mail_security:4.1:build_458:exchange
cpe:/a:symantec:client_security:1.1.1_mr1_build_8.1.1.314a
cpe:/a:symantec:norton_antivirus:8.01.460::corporate
cpe:/a:symantec:gateway_security:1.0
cpe:/a:symantec:client_security:1.0.1_build_8.01.460:mr6Symantec Symantec Client Security 1.0.1 MR6 build 8.01.460
cpe:/a:symantec:brightmail_antispam:4.0Symantec BrightMail AntiSpam 4.0
cpe:/a:symantec:norton_system_works:3.0::macintosh
cpe:/a:symantec:antivirus_scan_engine:4.3.3::netapp_filer
cpe:/a:symantec:norton_antivirus:8.01.471::corporate
cpe:/a:symantec:client_security:1.1.1_mr3_build_8.1.1.323
cpe:/a:symantec:sav_filter_domino_nt_ports:build3.0.5::os_400
cpe:/a:symantec:antivirus_scan_engine:4.3Symantec AntiVirus Scan Engine 4.3
cpe:/a:symantec:norton_antivirus:2.18_build_83::exchange
cpe:/a:symantec:client_security:1.0.1_build_8.01.464:mr7Symantec Symantec Client Security 1.0.1 MR7 build 8.01.464
cpe:/a:symantec:antivirus_scan_engine:3.1.1
cpe:/a:symantec:client_security:1.1.1_mr4_build_8.1.1.329
cpe:/a:symantec:norton_antivirus:8.1.1.329::corporate
cpe:/a:symantec:web_security:3.01.60Symantec Symantec Web Security 3.0.1.60
cpe:/a:symantec:norton_internet_security:3.0::macintosh
cpe:/a:symantec:antivirus_scan_engine:3.1.3
cpe:/a:symantec:norton_antivirus:8.1.1_build8.1.1.314a::corporate
cpe:/a:symantec:norton_antivirus:8.01.446::corporate
cpe:/a:symantec:antivirus_scan_engine:4.0::netapp_netcache
cpe:/a:symantec:norton_antivirus:8.1.1.323::corporate
cpe:/a:symantec:antivirus_scan_engine:4.0Symantec AntiVirus Scan Engine 4.0
cpe:/a:symantec:norton_antivirus:8.01.437::corporate
cpe:/a:symantec:sav_filter_for_domino_nt:3.1.1
cpe:/a:symantec:norton_internet_security:2004::professional
cpe:/a:symantec:mail_security:4.1:build_459:exchange
cpe:/a:symantec:norton_antivirus:2004::windows
cpe:/a:symantec:norton_system_works:2004::windows
cpe:/a:symantec:norton_antivirus:8.01.457::corporate
cpe:/a:symantec:antivirus_scan_engine:3.1.5
cpe:/a:symantec:client_security:1.1.1_mr5_build_8.1.1.336
cpe:/a:symantec:web_security:3.01.62Symantec Symantec Web Security 3.0.1.62
cpe:/a:symantec:client_security:1.0.1_build_8.01.471:mr8Symantec Symantec Client Security 1.0.1 MR8 build 8.01.471
cpe:/a:symantec:norton_antivirus:8.01.464::corporate
cpe:/a:symantec:web_security:3.01.67Symantec Symantec Web Security 3.0.1.67
cpe:/a:symantec:antivirus_scan_engine:4.3.3::netapp_netcache
cpe:/a:symantec:web_security:3.01.63Symantec Symantec Web Security 3.0.1.63
cpe:/a:symantec:gateway_security:2.0
cpe:/a:symantec:antivirus_scan_engine:3.1.6

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0249
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-0249
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200502-011
(官方数据源) CNNVD

- 其它链接及资源

http://www.kb.cert.org/vuls/id/107822
(VENDOR_ADVISORY)  CERT-VN  VU#107822
http://xforce.iss.net/xforce/xfdb/18869
(VENDOR_ADVISORY)  XF  upx-engine-gain-control(18869)
http://xforce.iss.net/xforce/alerts/id/187
(VENDOR_ADVISORY)  ISS  20050208 Symantec AntiVirus Library Heap Overflow
http://www.symantec.com/avcenter/security/Content/2005.02.08.html
(VENDOR_ADVISORY)  CONFIRM  http://www.symantec.com/avcenter/security/Content/2005.02.08.html
http://securitytracker.com/id?1013133
(UNKNOWN)  SECTRACK  1013133

- 漏洞信息

Symantec AntiVirus UPX文件解析库堆溢出漏洞
高危 缓冲区溢出
2005-02-08 00:00:00 2006-09-28 00:00:00
远程  
        Symantec Antivirus库用于解析不同文件格式以检测恶意程序,其中一个模块DEC2EXE用于检测UPX文件格式。
        Symantec Antivirus库用于检测UPX文件的模块对虚拟文件偏移缺少正确处理,远程攻击者可以利用这个漏洞构建恶意UPX文件,诱使用户处理,可能以用户进程权限在系统上执行任意指令。
        在UPX解压缩前,当重构PE头时不正确检查虚拟文件偏移,攻击者可以提供一个负的虚拟偏移给特殊构建的PE头,在后续的边界计算时,使用这个整数值作拷贝操作,可导致一个堆溢出。攻击者可以发送一个包含恶意UPX文件的EMAIL给使用Symantec AntiVirus库处理的目标用户,可导致发生堆溢出,精心构建PE头数据可能以进程权限在系统上执行任意指令。

- 公告与补丁

        目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:
        http://www.symantec.com/avcenter/security/Content/2005.02.08.html

- 漏洞信息

13647
Symantec Multiple Products UPX DEC2EXE Parsing Routine Overflow
Input Manipulation
Loss of Integrity
Exploit Commercial

- 漏洞描述

Unknown or Incomplete

- 时间线

2005-02-08 Unknow
Unknow Unknow

- 解决方案

Unknown or Incomplete

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

Symantec UPX Parsing Engine Remote Heap Overflow Vulnerability
Boundary Condition Error 12492
Yes No
2005-02-08 12:00:00 2009-07-12 10:06:00
Discovery is credited to Alex Wheeler and the X-Force research team.

- 受影响的程序版本

Symantec Web Security 3.0
Symantec Norton SystemWorks 2004
Symantec Norton System Works for Macintosh 3.0
Symantec Norton System Works 7.0 for Macintosh
Symantec Norton System Works 2004 for Macintosh
Symantec Norton Internet Security for Macintosh 3.0
Symantec Norton Internet Security for Macintosh 2.0
Symantec Norton Internet Security 2004 Professional Edition
Symantec Norton Internet Security 2004 for Macintosh
Symantec Norton AntiVirus for MS Exchange 2.1
- Microsoft Exchange Server 5.0
- Microsoft Windows NT 4.0
Symantec Norton AntiVirus for Microsoft Exchange 2.18 build 83
Symantec Norton Antivirus for Macintosh Corporate Edition 9.0
Symantec Norton Antivirus 9.0 for Macintosh
Symantec Norton Antivirus 8.0 for Macintosh
Symantec Norton Antivirus 2004 for Macintosh
Symantec Norton AntiVirus 2004
Symantec Mail Security for SMTP 4.0
Symantec Mail Security for Microsoft Exchange 4.5 build 719
Symantec Mail Security for Microsoft Exchange 4.5
Symantec Mail Security for Microsoft Exchange 4.1 build 459
Symantec Mail Security for Microsoft Exchange 4.1 build 458
Symantec Mail Security for Microsoft Exchange 4.1 461
Symantec Mail Security for Microsoft Exchange 4.0
Symantec Mail Security for Domino 4.0 build 4.0.1
Symantec Gateway Security 5400 2.0.1
Symantec Gateway Security 5400 2.0
Symantec Gateway Security 5300 1.0
Symantec Client Security 2.0
Symantec Client Security 1.1.1 MR5 build 8.1.1.336
Symantec Client Security 1.1.1 MR4 build 8.1.1.329
Symantec Client Security 1.1.1 MR3 build 8.1.1.323
Symantec Client Security 1.1.1 MR2 build 8.1.1.319
Symantec Client Security 1.1.1 MR1 build 8.1.1.314a
Symantec Client Security 1.1.1
Symantec Client Security 1.0.1 MR8 build 8.01.471
Symantec Client Security 1.0.1 MR7 build 8.01.464
Symantec Client Security 1.0.1 MR6 build 8.01.460
Symantec Client Security 1.0.1 MR5 build 8.01.457
Symantec Client Security 1.0.1 MR4 build 8.01.446
Symantec Client Security 1.0.1 MR3 build 8.01.434
Symantec Client Security 1.0.1 build 8.01.437
Symantec Client Security 1.0.1
Symantec Client Security 1.0
Symantec Brightmail Anti-Spam 5.5
Symantec Brightmail Anti-Spam 4.0
Symantec AntiVirus/Filtering for Domino Ports 3.0 (OS400) build 3.0.5
Symantec AntiVirus/Filtering for Domino Ports 3.0 (Linux) build 3.0.5
Symantec AntiVirus/Filtering for Domino Ports 3.0 (AIX) build 3.0.5
Symantec AntiVirus/Filtering for Domino Ports 3.0
Symantec AntiVirus/Filtering for Domino NT 3.1
Symantec AntiVirus Scan Engine for Netapp NetCache 4.3
Symantec AntiVirus Scan Engine for Netapp NetCache 4.0
Symantec AntiVirus Scan Engine for Netapp Filer 4.3
Symantec AntiVirus Scan Engine for Netapp Filer 4.0
Symantec AntiVirus Scan Engine for ISA 4.3
Symantec AntiVirus Scan Engine for ISA 4.0
Symantec AntiVirus Scan Engine for Filers 4.3
Symantec AntiVirus Scan Engine for Caching 4.3
Symantec AntiVirus Scan Engine for Bluecoat 4.3
Symantec AntiVirus Scan Engine for Bluecoat 4.0
Symantec AntiVirus Scan Engine 4.3
Symantec AntiVirus Scan Engine 4.0
Symantec AntiVirus for SMTP 3.1 build 3.1.6
Symantec AntiVirus for SMTP 3.1 build 3.1.5
Symantec AntiVirus for SMTP 3.1 build 3.1.4
Symantec AntiVirus for SMTP 3.1 build 3.1.3
Symantec AntiVirus for SMTP 3.1 build 3.1.2
Symantec AntiVirus for SMTP 3.1 build 3.1.1
Symantec AntiVirus for SMTP 3.1
Symantec AntiVirus for Network Attached Storage
Symantec AntiVirus for Caching
Symantec AntiVirus Corporate Edition 9.0
Symantec AntiVirus Corporate Edition 8.1.1 build 8.1.1.329
Symantec AntiVirus Corporate Edition 8.1.1 build 8.1.1.323
Symantec AntiVirus Corporate Edition 8.1.1 build 8.1.1.319
Symantec AntiVirus Corporate Edition 8.1.1 build 8.1.1.314a
Symantec AntiVirus Corporate Edition 8.1.1
Symantec AntiVirus Corporate Edition 8.1 build 8.01.471
Symantec AntiVirus Corporate Edition 8.1 build 8.01.464
Symantec AntiVirus Corporate Edition 8.1 build 8.01.460
Symantec AntiVirus Corporate Edition 8.1 build 8.01.457
Symantec AntiVirus Corporate Edition 8.1 build 8.01.446
Symantec AntiVirus Corporate Edition 8.1 build 8.01.437
Symantec AntiVirus Corporate Edition 8.1 build 8.01.434
Symantec AntiVirus Corporate Edition 8.0 1
Symantec Web Security 3.0.1 build 3.01.59
Symantec Web Security 3.0.1 build 3.0.1.72
Symantec Web Security 3.0.1 .70
Symantec Norton SystemWorks 2003
Symantec Norton System Works for Macintosh 3.0
Symantec Norton System Works 7.0 for Macintosh
Symantec Norton System Works 2005 Premier
Symantec Norton Internet Security for Macintosh 3.0
Symantec Norton Internet Security for Macintosh 2.0
Symantec Norton Internet Security 2005
Symantec Norton Internet Security 2003 Professional Edition
Symantec Norton AntiVirus for MS Exchange 2.18.88
Symantec Norton AntiVirus for MS Exchange 2.18.85
Symantec Norton AntiVirus for MS Exchange 2.18.82
Symantec Norton AntiVirus for MS Exchange 2.1
- Microsoft Exchange Server 5.0
- Microsoft Windows NT 4.0
Symantec Norton AntiVirus for MS Exchange 2.0
- Microsoft Exchange Server 5.0
- Microsoft Windows NT 4.0
Symantec Norton AntiVirus for MS Exchange 1.5
- Microsoft Exchange Server 5.0
- Microsoft Windows NT 4.0
Symantec Norton AntiVirus Corporate Edition 7.6
Symantec Norton Antivirus 9.0 for Macintosh
Symantec Norton Antivirus 8.0 for Macintosh
Symantec Norton Antivirus 7.0 for Macintosh
Symantec Norton AntiVirus 2005
Symantec Norton Antivirus 2003 0
- Microsoft Windows 2000 Professional SP3
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 98
- Microsoft Windows 98SE
- Microsoft Windows ME
- Microsoft Windows XP Home SP1
- Microsoft Windows XP Home
- Microsoft Windows XP Professional
Symantec Mail-Gear 1.1
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP3
- Sun Solaris 7.0
- Sun Solaris 2.6
- Sun Solaris 2.5
Symantec Mail-Gear 1.0
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP3
- Sun Solaris 7.0
- Sun Solaris 2.6
- Sun Solaris 2.5
Symantec Mail Security for SMTP 4.1
Symantec Mail Security for Microsoft Exchange 4.6 build 97
Symantec Mail Security for Microsoft Exchange 4.5 build 743
Symantec Mail Security for Microsoft Exchange 4.5 build 741
Symantec Mail Security for Microsoft Exchange 4.5 build 736
Symantec Mail Security for Microsoft Exchange 4.0 build 465
Symantec Mail Security for Microsoft Exchange 4.0 build 463
Symantec Mail Security for Microsoft Exchange 4.0 build 456
Symantec Mail Security for Domino 4.1
Symantec Mail Security for Domino 4.0.1
Symantec Mail Security for Domino 4.0 build 4.0.1
Symantec I-Gear MS Proxy 3.5
Symantec Client Security for Nokia Communicator
Symantec Client Security 2.0.3 MR3 b9.0.3.1000
Symantec Client Security 2.0.2 MR2 b9.0.2.1000
Symantec Client Security 2.0.1 MR1 b9.0.1.1000
Symantec Client Security 2.0 STM build 9.0.0.338
Symantec Client Security 1.1.1 MR6 b8.1.1.266
Symantec Client Security 1.1 STM b8.1.0.825a
Symantec Client Security 1.0.1 MR9 b8.01.501
Symantec Client Security 1.0.1 MR2 b8.01.429c
Symantec Client Security 1.0.1 MR1 b8.01.425a/b
Symantec Client Security 1.0 .0 b8.01.9378
Symantec Client Security 1.0 b8.01.9374
Symantec Brightmail Anti-Spam 6.0.1
Symantec Brightmail Anti-Spam 6.0
Symantec AntiVirus/Filtering for Domino Ports 3.0.7
Symantec AntiVirus/Filtering for Domino Ports 3.0.6
Symantec AntiVirus/Filtering for Domino Ports 3.0.5
Symantec AntiVirus/Filtering for Domino NT 3.1.1
Symantec AntiVirus/Filtering for Domino NT 3.1
Symantec AntiVirus Scan Engine for Netapp NetCache 4.3 build 4.3.3
Symantec AntiVirus Scan Engine for Netapp Filer 4.3 build 4.3.3
Symantec AntiVirus Scan Engine for Microsoft Portal 4.3
Symantec AntiVirus Scan Engine for ISA 4.3 build 4.3.3
Symantec AntiVirus Scan Engine for Filers 4.3 build 4.3.3
Symantec AntiVirus Scan Engine for Bluecoat 4.3 build 4.3.3
Symantec AntiVirus Scan Engine 4.3.3
Symantec AntiVirus for SMTP 3.1.7
Symantec AntiVirus for SMTP 3.0 build 3.0.0.29
Symantec Antivirus for MS Office SharePoint Portal Server 2003
Symantec AntiVirus for Microsoft Office
Symantec AntiVirus for Handhelds Corporate Edition 3.0
Symantec AntiVirus for Handhelds 3.0 .0.194
Symantec AntiVirus for Handhelds 3.0
Symantec AntiVirus for Caching 4.3.3
Symantec AntiVirus Corporate Edition 9.0.3 .1000
Symantec AntiVirus Corporate Edition 9.0.2 .1000
Symantec AntiVirus Corporate Edition 9.0.1 .1.1000
Symantec AntiVirus Corporate Edition 9.0 .0.338
Symantec AntiVirus Corporate Edition 8.1.1 .366
Symantec AntiVirus Corporate Edition 8.1 .0.825a
Symantec AntiVirus Corporate Edition 8.0 1.9378
Symantec AntiVirus Corporate Edition 8.0 1.9374
Symantec AntiVirus Corporate Edition 8.0 1.501
Symantec AntiVirus Corporate Edition 8.0 1.429c
Symantec AntiVirus Corporate Edition 8.0 1.425a/b
Symantec AntiSpam for SMTP 3.1

- 不受影响的程序版本

Symantec Web Security 3.0.1 build 3.01.59
Symantec Web Security 3.0.1 build 3.0.1.72
Symantec Web Security 3.0.1 .70
Symantec Norton SystemWorks 2003
Symantec Norton System Works for Macintosh 3.0
Symantec Norton System Works 7.0 for Macintosh
Symantec Norton System Works 2005 Premier
Symantec Norton Internet Security for Macintosh 3.0
Symantec Norton Internet Security for Macintosh 2.0
Symantec Norton Internet Security 2005
Symantec Norton Internet Security 2003 Professional Edition
Symantec Norton AntiVirus for MS Exchange 2.18.88
Symantec Norton AntiVirus for MS Exchange 2.18.85
Symantec Norton AntiVirus for MS Exchange 2.18.82
Symantec Norton AntiVirus for MS Exchange 2.1
- Microsoft Exchange Server 5.0
- Microsoft Windows NT 4.0
Symantec Norton AntiVirus for MS Exchange 2.0
- Microsoft Exchange Server 5.0
- Microsoft Windows NT 4.0
Symantec Norton AntiVirus for MS Exchange 1.5
- Microsoft Exchange Server 5.0
- Microsoft Windows NT 4.0
Symantec Norton AntiVirus Corporate Edition 7.6
Symantec Norton Antivirus 9.0 for Macintosh
Symantec Norton Antivirus 8.0 for Macintosh
Symantec Norton Antivirus 7.0 for Macintosh
Symantec Norton AntiVirus 2005
Symantec Norton Antivirus 2003 0
- Microsoft Windows 2000 Professional SP3
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 98
- Microsoft Windows 98SE
- Microsoft Windows ME
- Microsoft Windows XP Home SP1
- Microsoft Windows XP Home
- Microsoft Windows XP Professional
Symantec Mail-Gear 1.1
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP3
- Sun Solaris 7.0
- Sun Solaris 2.6
- Sun Solaris 2.5
Symantec Mail-Gear 1.0
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP3
- Sun Solaris 7.0
- Sun Solaris 2.6
- Sun Solaris 2.5
Symantec Mail Security for SMTP 4.1
Symantec Mail Security for Microsoft Exchange 4.6 build 97
Symantec Mail Security for Microsoft Exchange 4.5 build 743
Symantec Mail Security for Microsoft Exchange 4.5 build 741
Symantec Mail Security for Microsoft Exchange 4.5 build 736
Symantec Mail Security for Microsoft Exchange 4.0 build 465
Symantec Mail Security for Microsoft Exchange 4.0 build 463
Symantec Mail Security for Microsoft Exchange 4.0 build 456
Symantec Mail Security for Domino 4.1
Symantec Mail Security for Domino 4.0.1
Symantec Mail Security for Domino 4.0 build 4.0.1
Symantec I-Gear MS Proxy 3.5
Symantec Client Security for Nokia Communicator
Symantec Client Security 2.0.3 MR3 b9.0.3.1000
Symantec Client Security 2.0.2 MR2 b9.0.2.1000
Symantec Client Security 2.0.1 MR1 b9.0.1.1000
Symantec Client Security 2.0 STM build 9.0.0.338
Symantec Client Security 1.1.1 MR6 b8.1.1.266
Symantec Client Security 1.1 STM b8.1.0.825a
Symantec Client Security 1.0.1 MR9 b8.01.501
Symantec Client Security 1.0.1 MR2 b8.01.429c
Symantec Client Security 1.0.1 MR1 b8.01.425a/b
Symantec Client Security 1.0 .0 b8.01.9378
Symantec Client Security 1.0 b8.01.9374
Symantec Brightmail Anti-Spam 6.0.1
Symantec Brightmail Anti-Spam 6.0
Symantec AntiVirus/Filtering for Domino Ports 3.0.7
Symantec AntiVirus/Filtering for Domino Ports 3.0.6
Symantec AntiVirus/Filtering for Domino Ports 3.0.5
Symantec AntiVirus/Filtering for Domino NT 3.1.1
Symantec AntiVirus/Filtering for Domino NT 3.1
Symantec AntiVirus Scan Engine for Netapp NetCache 4.3 build 4.3.3
Symantec AntiVirus Scan Engine for Netapp Filer 4.3 build 4.3.3
Symantec AntiVirus Scan Engine for Microsoft Portal 4.3
Symantec AntiVirus Scan Engine for ISA 4.3 build 4.3.3
Symantec AntiVirus Scan Engine for Filers 4.3 build 4.3.3
Symantec AntiVirus Scan Engine for Bluecoat 4.3 build 4.3.3
Symantec AntiVirus Scan Engine 4.3.3
Symantec AntiVirus for SMTP 3.1.7
Symantec AntiVirus for SMTP 3.0 build 3.0.0.29
Symantec Antivirus for MS Office SharePoint Portal Server 2003
Symantec AntiVirus for Microsoft Office
Symantec AntiVirus for Handhelds Corporate Edition 3.0
Symantec AntiVirus for Handhelds 3.0 .0.194
Symantec AntiVirus for Handhelds 3.0
Symantec AntiVirus for Caching 4.3.3
Symantec AntiVirus Corporate Edition 9.0.3 .1000
Symantec AntiVirus Corporate Edition 9.0.2 .1000
Symantec AntiVirus Corporate Edition 9.0.1 .1.1000
Symantec AntiVirus Corporate Edition 9.0 .0.338
Symantec AntiVirus Corporate Edition 8.1.1 .366
Symantec AntiVirus Corporate Edition 8.1 .0.825a
Symantec AntiVirus Corporate Edition 8.0 1.9378
Symantec AntiVirus Corporate Edition 8.0 1.9374
Symantec AntiVirus Corporate Edition 8.0 1.501
Symantec AntiVirus Corporate Edition 8.0 1.429c
Symantec AntiVirus Corporate Edition 8.0 1.425a/b
Symantec AntiSpam for SMTP 3.1

- 漏洞讨论

Various Symantec products are reported prone to a remote heap overflow vulnerability. This issue affects the UPX Parsing Engine shipped with the products.

A successful attack may allow a remote attacker to execute arbitrary code on a vulnerable computer leading to a complete compromise.

- 漏洞利用

An exploit has been developed for this issue and is implemented in a licensed exploit scanner; users with a license will have access to the exploit, however Symantec is not aware of any freely available public exploit.

- 解决方案

Symantec has released an updated security bulletin (SYM05-003); this updated bulletin contains further revisions to the vulnerable and non-vulnerable sections.

Symantec has released advisory SYM05-003 and updates to address this issue in affected applications. The updates may be automatically installed on vulnerable computers by running LiveUpdate for products that support LiveUpdate capability or from http://www.symantec.com/techsupp/ for other products.

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站