Symantec Mail Security Buffer Overflows in Processing Lotus 1-2-3 Attachments Let Remote Users Execute Arbitrary Code
|
|
SecurityTracker Alert ID: 1019096
|
|
SecurityTracker URL: http://securitytracker.com/id?1019096
|
|
CVE Reference: CVE-2007-6593
(Links to External Site)
|
Updated: Feb 1 2008
|
Original Entry Date: Dec 13 2007
|
Impact: Execution of arbitrary code via network, User access via network
|
Vendor Confirmed: Yes
|
Version(s): 5.0.1 Patch 182, and prior versions
|
Description: A vulnerability was reported in Symantec Mail Security. A remote user can cause arbitrary code to be executed on the target user's system.
A remote user can create a specially crafted Lotus 1-2-3 attachment that, when processed by the target application, will trigger
a buffer overflow and execute arbitrary code on the target system. The code will run with the privileges of the target application.
The
vulnerability resides in the 3rd party Autonomy Verity KeyView SDK, which is used by Symantec Mail Security to process Lotus 1-2-3
file attachments.
Other applications that use the Verity KeyView SDK may be affected.
|
Impact: A remote user can create a file that, when processed by the target application, will execute arbitrary code on the target system.
|
Solution: No solution was available at the time of this entry.
The Symantec advisory is available at:
http://www.securityfocus.com/bid/26604
|
Vendor URL: www.symantec.com/ (Links to External Site)
|
Cause: Boundary error
|
Underlying OS: Windows (Any)
|
|
Message History:
None.
|
Source Message Contents
|
Date: Wed, 12 Dec 2007 15:05:43 -0500
Subject: Symantec Mail Security
|
http://www.securityfocus.com/bid/26604
Symantec reports that the following versions are affected:
Symantec Mail Security for SMTP 5.0.1 Patch 182
Symantec Mail Security for SMTP 5.0.1 Patch 181
Symantec Mail Security for SMTP 5.0.1
Symantec Mail Security for SMTP 4.1
Symantec Mail Security for SMTP 4.0.2
Symantec Mail Security for SMTP 4.0 build 4.1.4.30
Symantec Mail Security for SMTP 4.0 build 4.0.5.66
Symantec Mail Security for SMTP 4.0 build 4.0.2
Symantec Mail Security for SMTP 4.0
Symantec Mail Security for SMTP 5.0
Symantec Mail Security for Microsoft Exchange 5.0
Symantec Mail Security for Microsoft Exchange 4.6.3
Symantec Mail Security for Microsoft Exchange 4.6.3
Symantec Mail Security for Microsoft Exchange 4.6 build 97
Symantec Mail Security for Microsoft Exchange 4.6 build 97
Symantec Mail Security for Microsoft Exchange 4.6 build 4.6.1.107
Symantec Mail Security for Microsoft Exchange 4.5 build 719
Symantec Mail Security for Microsoft Exchange 4.5 build 4.5.4.743
Symantec Mail Security for Microsoft Exchange 4.5 build 743
Symantec Mail Security for Microsoft Exchange 4.5 build 741
Symantec Mail Security for Microsoft Exchange 4.5 build 736
Symantec Mail Security for Microsoft Exchange 4.5
Symantec Mail Security for Microsoft Exchange 4.1 build 459
Symantec Mail Security for Microsoft Exchange 4.1 build 458
Symantec Mail Security for Microsoft Exchange 4.1 461
Symantec Mail Security for Microsoft Exchange 4.0 build 743
Symantec Mail Security for Microsoft Exchange 4.0 build 741
Symantec Mail Security for Microsoft Exchange 4.0 build 736
Symantec Mail Security for Microsoft Exchange 4.0 build 465
Symantec Mail Security for Microsoft Exchange 4.0 build 463
Symantec Mail Security for Microsoft Exchange 4.0 build 456
Symantec Mail Security for Microsoft Exchange 4.0 build 465
Symantec Mail Security for Microsoft Exchange 4.0 build 463
Symantec Mail Security for Microsoft Exchange 4.0 build 456
Symantec Mail Security for Microsoft Exchange 4.0
Symantec Mail Security for Microsoft Exchange 5.0.7.373
Symantec Mail Security for Microsoft Exchange 5.0.6.368
Symantec Mail Security for Microsoft Exchange 5.0.0.204
Symantec Mail Security for Microsoft Exchange 4.6.8.120
Symantec Mail Security for Domino 7.5.0.19
Symantec Mail Security for Domino 7.5
Symantec Mail Security Appliance 5.0
Symantec Mail Security Appliance 5.0.0.24
Symantec Mail Security Appliance 5.0.0-36
|
|
