SYM05-003 - Symantec UPX Parsing Engine Heap Overflow
Risk Impact: High
Overview: Symantec resolved a potential remote access compromise vulnerability reported by ISS X-Force. The vulnerability was identified in an early version of a Symantec antivirus scanning module responsible for parsing UPX-compressed files that is still in limited use in some Symantec security products. The vulnerable component fails to do proper bounds checks when analyzing certain container files for virus content. An attacker sending a specifically crafted UPX file could potentially compromise the targeted system.
Serious Symantec Vulnerability
ISS X-Force has found a serious heap overflow vulnerability in many versions of the Symantec UPX decompression engine. As some of you may be aware, most modern trojans are packed with a combination of obfuscating and compression methods to evade detection, a component of which is UPX compression. It is conjectured that malware will soon take advantage of this attack to evade, disable, and possibly damage Symantec security products. Please examine the list of products posted by SARC and take immediate action to remedy any vulnerability you might be exposed to. Hotfixes are available. Stop reading and go patch now. This webpage will be here when you get back, which is more than we can say for your browsing experience should you decide NOT to take action.
Further information is available at
Edited by harrywaldron, 10 February 2005 - 06:04 AM.