Nov 01 2007

MuZumbu
Symantec Mail Security for Exchange File Parsing Vulnerabilities

| Secunia Advisory: | SA27429 |
| Release Date: | 2007-10-29 |
| Critical: | Highly critical |
| Impact: | DoS, System access |
| Where: | From remote |
| Solution Status: | Unpatched |
| Software: | Symantec Mail Security for Exchange 4.x; Symantec Mail Security for Microsoft Exchange 5.x; Symantec Mail Security for Microsoft Exchange 6.x |

This advisory is currently marked as unpatched!
Description:
Multiple vulnerabilities have been discovered in Symantec Mail Security for Exchange, which can be exploited by malicious people to cause a DoS (Denial of Service) and compromise a vulnerable system.
The vulnerabilities are caused by various errors within certain third-party file viewers and can be exploited to cause buffer overflows when a specially crafted file is checked.
The vulnerabilities are related to: SA27304
Successful exploitation allows execution of arbitrary code, but requires that, e.g., a policy is set up for scanning the contents of messages.
The vulnerabilities are confirmed in version 5.0.7.373. Other versions may also be affected.
Solution:
Secunia is currently not aware of available patches.
Disable scanning of message content if enabled.
Provided and/or discovered by:
Originally reported in IBM Lotus Notes advisories crediting:
* ZDI
* Tan Chew-Keong