Older Symantec AVs open to remote code execution

No update planned for affected scan engine.

Vulnerabilities have been discovered in older versions of Symantec anti-virus that can grant privileged remote code execution to unauthenticated attackers.

The holes (CVE-2012-4953) existed in the anti-virus products' handling of malformed CAB files, which resulted in memory corruption.

Will Dormann, vulnerability analyst at the Computer Emergency Response Team Coordination Center (CERT/CC), discovered the flaw.

“Successful exploitation may result in arbitrary code execution as the result of a file being scanned,” Dormann said.

“We have confirmed that Symantec Endpoint Protection 11, which uses dec_abi.dll, and Symantec Scan Engine 5.2, which uses Dec2CAB.dll, are affected.”

Users could protect themselves by updating to Symantec Endpoint Protection 12.

Symantec told CERT that Symantec Endpoint Protection 11 used an old scan engine and would not be updated.

The latest version of Symantec Protection Engine for Cloud Services did not appear affected by the vulnerability.

CERT recommended users deploy Microsoft’s Enhanced Mitigation Experience Toolkit and enable Data Execution Prevention to reduce the risk of exploitation.

Copyright © SC Magazine, Australia
