Symantec AV Products - New Security Patch needed


#1 harrywaldron


    Security Reporter


Posted 10 February 2005 - 06:03 AM

Many current SAV and NAV product versions require patching to fix a security hole in the UPX compression algorithms. This update is available on Symantec's web site.

SYM05-003 - Symantec UPX Parsing Engine Heap Overflow

Risk Impact: High

Overview: Symantec resolved a potential remote access compromise vulnerability reported by ISS X-Force. The vulnerability was identified in an early version of a Symantec antivirus scanning module responsible for parsing UPX compressed files that is still in limited use in some Symantec security products. The vulnerable component fails to do proper bounds checks when analyzing certain container files for virus content. An attacker sending a specifically crafted UPX file could potentially compromise the targeted system.

Serious Symantec Vulnerability

ISS X-Force has found a serious heap overflow vulnerability in many versions of the Symantec UPX decompression engine. As some of you may be aware, most modern trojans are packed with a combination of obfuscating and compression methods to evade detection; a component of which is UPX compression. It is conjectured that malware will soon take advantage of this attack to evade, disable, and possibly damage Symantec security products. Please examine the list of products posted by SARC and take immediate action to remedy any vulnerability you might be exposed to. Hotfixes are available. Stop reading and go patch now. This webpage will be here when you get back, which is more than we can say for your browsing experience should you decide NOT to take action.

Further information is available at

Edited by harrywaldron, 10 February 2005 - 06:04 AM.
