Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » Symantec Norton AntiVirus 2002 Buffer Overflow Vulnerability

Symantec Norton AntiVirus 2002 Buffer Overflow Vulnerability

by Nikola Strahija on February 20th, 2003 The e-mail scanning function in Symantec Norton AntiVirus 2002 may cause a Buffer Overflow.


SNS Advisory No.61
Symantec Norton AntiVirus 2002 Buffer Overflow Vulnerability

Problem first discovered: Thu, 26 Dec 2002
Published: Wed, 19 Feb 2003
Reference: http://www.lac.co.jp/security/english/snsadv_e/61_e.html
----------------------------------------------------------------------

Overview:
---------
The e-mail scanning function in Symantec Norton AntiVirus 2002 may cause
a Buffer Overflow.

Problem Description:
--------------------
The e-mail scanning function in Symantec Norton AntiVirus 2002 will cause
a Buffer Overflow when it receives an e-mail message with a compressed file
which includes a file with an unusually long filename.

An attacker could exploit this problem to execute arbitrary code with the
privilege of the currently logged on user.


Tested Versions:
----------------
Symantec Norton AntiVirus 2002 (version 8.07.17C)

Tested OS:
----------
Windows 2000 Professional Japanese Edition + Windows 2000 Service Pack 3

Solution:
---------
Update AntiVirus 2002 by using LiveUpdate.

Discovered by:
--------------
ARAI Yuu [email protected]

Acknowledgements:
-----------------
Thanks to:
Symantec Security Response

Disclaimer:
-----------
All information in these advisories are subject to change without any
advanced notices neither mutual consensus, and each of them is released
as it is. LAC Co.,Ltd. is not responsible for any risks of occurrences
caused by applying those information.

------------------------------------------------------------------
Secure Net Service(SNS) Security Advisory
Computer Security Laboratory, LAC http://www.lac.co.jp/security/


Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »