Home    |    View Topics    |    Search    |    Contact Us    |   



Category:   Application (Security)  >   Norton Anti-Virus Vendors:   Symantec
Symantec Norton Anti-Virus Buffer Overflow in DEC2EXE in Parsing UPX Compressed Files Lets Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1013133
SecurityTracker URL:
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Feb 9 2005
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  

Description:   A vulnerability was reported in Symantec's Norton Anti-Virus. A remote user may be able to execute arbitrary code on the target system. Several other Symantec products are also affected.

The software does not properly parse UPX compressed files when inspecting them for viruses. A remote user can send a specially crafted UPX file to trigger a buffer overflow and execute arbitrary code.

The flaw resides in the DEC2EXE engine.

The following versions are affected:

Norton AntiVirus for Microsoft Exchange 2.1, prior to build 2.18.85
Symantec Norton Antivirus 2004 for Windows
Symantec Norton Antivirus 2004 for Macintosh
Symantec Norton Antivirus 9.0 for Macintosh

Impact:   A remote user can execute arbitrary code on the target system with the privileges of the anti-virus process.
Solution:   The vendor has issued a fix available via LiveUpdate and at:

Vendor URL: (Links to External Site)
Cause:   Boundary error
Underlying OS:  UNIX (macOS/OS X), Windows (Any)

Message History:   None.

 Source Message Contents

[Original Message Not Available for Viewing]

Go to the Top of This SecurityTracker Archive Page

Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, LLC