RAR vulnerability reported for antivirus software

By Derek Sooman on December 22, 2005, 11:43 AM
A problem with RAR compressed files in Symantec's antivirus software has been rated as a critical vulnerability. If this problem is exploited, the anti-virus software could actually let in the kinds of malware that it is designed to identify and block. RAR files are commonly used by remote hackers to deliver viruses to people's machines. As a result, most anti virus software now scans the contents of these files by default. However...

...according to Wheeler, there is a problem with a boundary error in the file Dec2Rar.dll version 3.2.14.3 used by a wide number of Symantec products. When Symantec opens the files to examine the contents there are unchecked 16bit length fields in RAR sub-block header types. During the decompression of RAR files Symantec antivirus software is vulnerable to multiple heap overflows. As a result, an attacker could be able to gain control of the system being protected.
Seemingly, this can lead to unauthorised control of data and related privileges by attackers, and affects almost the entire range of Symantec anti virus products.

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.