Multiple.Symantec.Products.Remote.Code.Execution.Vulnerability
Description
Symantec Endpoint Protection is an antivirus and firewall product designed for corporate use.
A flaw exists in which the decomposer engine does not perform proper bound checking of the contents of CAB archives. A remote attacker could use a specially crafted CAB archive to cause a denial of service in the form of an application crash or, possibly, execute arbitrary code (CVE-2012-4953)
Affected Products
Versions of Symantec Endpoint Protection prior to 11.0
Versions of Symantec Endpoint Protection Small Business Edition prior to 12.0
Versions of Symantec AntiVirus Corporate Edition (SAVCE) prior to 10
Versions of Symantec Scan Engine (SSE) prior to 5.2.7.x
Impact
This vulnerability could allow a remote attacker to cause a denial of service in the form of an application crash or, possibly, execute arbitrary code.
Recommended Actions
Apply update patches as instructed here:
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20121107_00
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |