RAR vulnerability reported for antivirus software

By Derek Sooman on December 22, 2005, 11:43 AM
A problem with the handling of RAR compressed files in Symantec's antivirus software has been rated as a critical vulnerability. If this problem is exploited, the antivirus software could actually let in the kinds of malware that it is designed to identify and block. RAR files are commonly used by remote hackers to deliver viruses to people's machines. As a result, most antivirus software now scans the contents of these files by default. However...

...according to Wheeler, there is a boundary error in the file Dec2Rar.dll version 3.2.14.3, which is used by a wide range of Symantec products. When the Symantec software opens the files to examine their contents, 16-bit length fields in RAR sub-block header types go unchecked. As a result, Symantec antivirus software is vulnerable to multiple heap overflows during the decompression of RAR files, and an attacker could gain control of the system being protected.
Seemingly, this can lead to unauthorised control of data and related privileges by attackers, and affects almost the entire range of Symantec antivirus products.
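
The class of bug described above, an unchecked 16-bit length field driving a copy into a fixed-size buffer, is avoided by validating the declared length before any copy. The following C code is an added example, not Symantec's code and not the real RAR format; the record layout and the names sb_copy_payload and sb_try are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical record layout (an assumption, not the real RAR format):
 * byte 0 = type, bytes 1-2 = payload length (16-bit little-endian,
 * attacker-controlled), bytes 3.. = payload. */
enum { SB_HDR_LEN = 3, SB_OK = 0, SB_TRUNCATED = -1, SB_TOO_LARGE = -2 };

/* Copy one sub-block payload into a fixed-capacity destination. The declared
 * length is checked against the bytes present and against dst_cap first. */
int sb_copy_payload(const uint8_t *in, size_t in_len,
                    uint8_t *dst, size_t dst_cap, size_t *copied)
{
    *copied = 0;
    if (in_len < SB_HDR_LEN)
        return SB_TRUNCATED;            /* header itself is incomplete */
    size_t declared = (size_t)in[1] | ((size_t)in[2] << 8);
    if (declared > in_len - SB_HDR_LEN)
        return SB_TRUNCATED;            /* copy would read past the input */
    if (declared > dst_cap)
        return SB_TOO_LARGE;            /* copy would write past dst */
    memcpy(dst, in + SB_HDR_LEN, declared);
    *copied = declared;
    return SB_OK;
}

/* Build a constructed record that declares `declared` payload bytes but
 * carries `present` of them, then parse it into a 64-byte buffer. */
int sb_try(uint16_t declared, size_t present)
{
    static uint8_t rec[SB_HDR_LEN + 65535];
    uint8_t dst[64];
    size_t copied;
    rec[0] = 0x01;                      /* constructed type byte */
    rec[1] = (uint8_t)(declared & 0xff);
    rec[2] = (uint8_t)(declared >> 8);
    memset(rec + SB_HDR_LEN, 'A', present);
    return sb_copy_payload(rec, SB_HDR_LEN + present, dst, sizeof dst, &copied);
}

int main(void)
{
    printf("%d %d %d\n", sb_try(16, 16), sb_try(0xFFFF, 16), sb_try(0xFFFF, 0xFFFF));
    return 0;
}
```

Without the two comparisons, the memcpy would trust the length from the file, which is the "trust nothing" failure one commenter points to below.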




User Comments: 10

PanicX said:
Congratulations Symantec on another job well done. Not only can you manage to make your products ineffective, resource intensive and data destructive, but you can hand out a key to the back door at the same time. I can't help but wonder if this attack would also work against the Symantec firewall/VPN anti-virus as well.
Eleventeen said:
Wonderful... I've been using their antivirus software for around 2 years now. I really have been thinking of switching to something better but nothing really motivated me to do it. This really has changed my mind, looks like it's time for a new AV.
MonkeyMan said:
Well, the best security, in my opinion, is McAfee. Their security system keeps out the Hackfreaks, and keeps your PC clean and running smooth, without any intrusions. That's what I would recommend. That's very unfortunate for Symantec, their software sales are destined to go lower because of this. I hope not, but I'm guessing they'll be able to fix this.
cyrax said:
I've stopped using Symantec's stuff so long ago it's become a memory. Better off using Kaspersky, Panda or, if you are cash strapped, AVG or even avast!. These are the hallmarks of quality.
nathanskywalker said:
Originally posted by MonkeyMan: "Well, the best security, in my opinion, is McAfee. Their security system keeps out the Hackfreaks, and keeps your PC clean and running smooth, without any intrusions. That's what I would recommend. That's very unfortunate for Symantec, their software sales are destined to go lower because of this. I hope not, but I'm guessing they'll be able to fix this."
Exactly. And did I mention that Norton antivi really... bites the big one... huh, gonna have to watch those .RAR files from now on.. lol... always hated that format anyway.
Nodsu said:
Buffer overflows are the oldest trick in the book. Even if you can forgive the programmer writing sloppy code (tight schedules and the pressure to get it done make us all cut corners), one cannot understand how there are no security audits and other procedures to detect such bugs even before the products are released. In theory all software should survive all faulty input, but that's only theory of course. But if you are writing security software, then "trust nothing" should be your first priority and strictly implemented in practice.
philop88 said:
Major blow to a company so well established
Subservient said:
Well, I'm not surprised. Everybody knew that Symantec had to f*ck up some time :). The thing that sucks is I'm using Norton lol. Why doesn't Symantec simply fix the .dll and release it in an update?
mentaljedi said:
Symantec isn't great in my opinion, so I've stopped using it recently. I'm currently not using one but I am running on trial versions of different software to find what I find is good. So far, I'm split between AVG and McAfee. I'll probably go for the latter.
brownpaper said:
Slower performance and bigger resources, and now a major vulnerability. Why use Norton?