Symantec Antivirus Scan Engine: Web Service Administrative Interface Buffer Overflow
iDEFENSE Labs has notified Symantec about a remotely exploitable buffer overflow vulnerability in the Symantec AntiVirus
Scan Engine that can allow remote attackers to execute arbitrary code. The iDEFENSE Advisory says "A remote attacker can send a specially crafted HTTP request to the
administrative Scan Engine Web Wervice on port 8004 to crash the service or
execute arbitrary code."
Patch today folks.
Symantec's Advisory, (with patch and mitigation information) states the "Risk Impact" is High. Affected versions listed are;
Patch today folks.
Symantec's Advisory, (with patch and mitigation information) states the "Risk Impact" is High. Affected versions listed are;
| Product | Version | Build | Solution |
| Symantec AntiVirus Scan Engine | 4.0 | All | SAVSE 4.3.12 |
| Symantec AntiVirus Scan Engine | 4.3 | All | SAVSE 4.3.12 |
| Symantec AntiVirus Scan Engine for ISA | 4.0 | All | SAVSE 4.3.12 |
| Symantec AntiVirus Scan Engine for ISA | 4.3 | All | SAVSE 4.3.12 |
| Symantec AntiVirus Scan Engine for Netapp Filer | 4.0 | All | SAVSE 4.3.12 |
| Symantec AntiVirus Scan Engine for Messaging | 4.3 | All | SAVSE 4.3.12 |
| Symantec AntiVirus Scan Engine for Netapp NetCache | 4.0 | All | SAVSE 4.3.12 |
| Symantec AntiVirus Scan Engine for Network Attached Storage | 4.3 | All | SAVSE 4.3.12 |
| Symantec AntiVirus Scan Engine for Bluecoat | 4.0 | All | SAVSE 4.3.12 |
| Symantec AntiVirus Scan Engine for Caching | 4.3 | All | SAVSE 4.3.12 |
| Symantec AntiVirus Scan Engine for Microsoft SharePoint | 4.3 | All | SAVSE 4.3.12 |
| Symantec AntiVirus Scan Engine for Clearswift | 4.0 | All | SAVSE 4.3.12 |
| Symantec AntiVirus Scan Engine for Clearswift | 4.3 | All | SAVSE 4.3.12 |
Non-Affected Product(s)
| Product | Version | Build |
| Symantec AntiVirus Scan Engine | 4.1 | All |
Keywords:
0 comment(s)
×
![modal content]()
Diary Archives
Comments