 |
MemeStreams Discussion |
|
| This page contains all of the posts and discussion on MemeStreams referencing the following web page: DOD has vulnerability from Symantec products - DEC 21 - NO fix yet. You can find discussions on MemeStreams as you surf the web, even if you aren't a MemeStreams member, using the Threads Bookmarklet. |
| DOD has vulnerability from Symantec products - DEC 21 - NO fix yet by skullaria at 3:00 am EST, Dec 24, 2005 | |||
Just stumbled upon this.... (really symantec users have a problem) Symantec Vulnerability A new vulnerability identified in Symantec Antivirus Products in use by the DOD that can result in a heap overflow condition and the ability for an attacker to execute arbitrary code and gain full control of the system. The vulnerability is caused due to a boundary error in Dec2Rar.dll when copying data based on the length field in the sub-block headers of a RAR archive. This can be exploited to cause a heap-based buffer overflow and may allow arbitrary code execution when a malicious RAR archive is scanned. There is no fix provided by Symantec at this time, but blocking .rar files at the email servers and gateways to prevent this vulnerability from being exploited is recommended. This block should remain in place until a fix can be provided by Symantec. Here's more info http://xforce.iss.net/xforce/alerts/id/210 | |||
| Link - Reply | |||
