Bugtraq mailing list archives
[SNS Advisory No.61] Symantec Norton AntiVirus 2002 Buffer Overflow Vulnerability
From: "snsadv () lac co jp" <snsadv () lac co jp>
Date: Wed, 19 Feb 2003 14:00:38 +0900
[Moderator note: This post was withheld, with permission from SNS, to ensure that the issue was resolved completely. ] ---------------------------------------------------------------------- SNS Advisory No.61 Symantec Norton AntiVirus 2002 Buffer Overflow Vulnerability Problem first discovered: Thu, 26 Dec 2002 Published: Wed, 19 Feb 2003 Reference: http://www.lac.co.jp/security/english/snsadv_e/61_e.html ---------------------------------------------------------------------- Overview: --------- The e-mail scanning function in Symantec Norton AntiVirus 2002 may cause a Buffer Overflow. Problem Description: -------------------- The e-mail scanning function in Symantec Norton AntiVirus 2002 will cause a Buffer Overflow when it receives an e-mail message with a compressed file which includes a file with an unusually long filename. An attacker could exploit this problem to execute arbitrary code with the privilege of the currently logged on user. Tested Versions: ---------------- Symantec Norton AntiVirus 2002 (version 8.07.17C) Tested OS: ---------- Windows 2000 Professional Japanese Edition + Windows 2000 Service Pack 3 Solution: --------- Update AntiVirus 2002 by using LiveUpdate. Discovered by: -------------- ARAI Yuu y.arai () lac co jp Acknowledgements: ----------------- Thanks to: Symantec Security Response Disclaimer: ----------- All information in these advisories are subject to change without any advanced notices neither mutual consensus, and each of them is released as it is. LAC Co.,Ltd. is not responsible for any risks of occurrences caused by applying those information. ------------------------------------------------------------------ Secure Net Service(SNS) Security Advisory <snsadv () lac co jp> Computer Security Laboratory, LAC http://www.lac.co.jp/security/
Current thread:
- [SNS Advisory No.61] Symantec Norton AntiVirus 2002 Buffer Overflow Vulnerability snsadv () lac co jp (Feb 19)