RAR vulnerability reported for antivirus software

By Derek Sooman

On December 22, 2005, 11:43 AM

A problem with the handling of RAR compressed files in Symantec's antivirus software has been rated as a critical vulnerability. If this problem is exploited, the antivirus software could actually let in the kinds of malware that it is designed to identify and block. RAR files are commonly used by remote hackers to deliver viruses to people's machines. As a result, most antivirus software now scans the contents of these files by default. However...

...according to Wheeler, there is a boundary error in the file Dec2Rar.dll version 3.2.14.3, which is used by a wide range of Symantec products. When the software opens RAR files to examine their contents, the 16-bit length fields in RAR sub-block header types are not checked. As a result, Symantec antivirus software is vulnerable to multiple heap overflows during the decompression of RAR files, and an attacker could gain control of the system being protected.
Seemingly, this can lead to unauthorised control of data and related privileges by attackers, and affects almost the entire range of Symantec antivirus products.
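
The bug class described above, an unchecked 16-bit length field driving a copy into a fixed-size buffer, is closed by validating the field against both the remaining input and the destination capacity before copying. The following is an added example, not Symantec's code and not the real RAR format: the three-byte sub-block layout, the buffer size and every name in it are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { HDR_LEN = 3, OUT_CAP = 16 };   /* constructed sizes for this example */
enum { PARSE_OK = 0, ERR_TRUNCATED = -1, ERR_TOO_LONG = -2 };

/* Hypothetical sub-block: [type:1][length:2, little-endian][payload]. */
static int parse_subblock(const uint8_t *in, size_t in_len,
                          uint8_t *out, size_t out_cap, size_t *out_len)
{
    if (in_len < HDR_LEN)
        return ERR_TRUNCATED;         /* header itself is incomplete */
    size_t len = (size_t)in[1] | ((size_t)in[2] << 8);
    if (len > in_len - HDR_LEN)
        return ERR_TRUNCATED;         /* field claims more than the input holds */
    if (len > out_cap)
        return ERR_TOO_LONG;          /* copy would overflow the destination */
    memcpy(out, in + HDR_LEN, len);   /* safe: len checked against both bounds */
    *out_len = len;
    return PARSE_OK;
}

/* Run the parser on one constructed input with a fixed-size destination. */
static int run_sample(const uint8_t *in, size_t in_len)
{
    uint8_t out[OUT_CAP];
    size_t n = 0;
    return parse_subblock(in, in_len, out, sizeof out, &n);
}

/* Constructed samples: honest length, length > OUT_CAP, length past end. */
static const uint8_t SAMPLE_OK[]     = { 0x01, 0x04, 0x00, 'd', 'a', 't', 'a' };
static const uint8_t SAMPLE_LONG[23] = { 0x01, 0x14, 0x00 };  /* 20-byte payload */
static const uint8_t SAMPLE_EOF[]    = { 0x01, 0xFF, 0xFF, 'x' };

int main(void)
{
    printf("ok:   %d\n", run_sample(SAMPLE_OK, sizeof SAMPLE_OK));
    printf("long: %d\n", run_sample(SAMPLE_LONG, sizeof SAMPLE_LONG));
    printf("eof:  %d\n", run_sample(SAMPLE_EOF, sizeof SAMPLE_EOF));
    return 0;
}
```

Without the two length checks, the `memcpy` would trust whatever value the file supplies, which is the failure mode the report attributes to the unchecked length fields.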

User Comments: 10

  1. Congratulations Symantec on another job well done. Not only can you manage to make your products ineffective, resource intensive and data destructive, but you can hand out a key to the back door at the same time. I can't help but wonder if this attack would also work against the Symantec firewall/VPN anti-virus as well.
  2. Wonderful... I've been using their antivirus software for around 2 years now. I really have been thinking of switching to something better but nothing really motivated me to do it. This really has changed my mind, looks like it's time for a new AV.
  3. Well, the best security, in my opinion, is McAfee. Their security system keeps out the Hackfreaks, and keeps your PC clean and running smooth, without any intrusions. That's what I would recommend. That's very unfortunate for Symantec, their software sales are destined to go lower because of this. I hope not, but I'm guessing they'll be able to fix this.
  4. I've stopped using Symantec's stuff so long ago it's become a memory. Better off using Kaspersky, Panda or, if you are cash strapped, AVG or even avast!. These are the hallmarks of quality.
  5. Originally posted by MonkeyMan: "Well, the best security, in my opinion, is McAfee. Their security system keeps out the Hackfreaks, and keeps your PC clean and running smooth, without any intrusions. That's what I would recommend. That's very unfortunate for Symantec, their software sales are destined to go lower because of this. I hope not, but I'm guessing they'll be able to fix this." Exactly. And did I mention that Norton antivirus really... bites the big one... huh, gonna have to watch those .RAR files from now on.. lol... always hated that format anyway.
  6. Buffer overflows are the oldest trick in the book. Even if you can forgive the programmer writing sloppy code (tight schedules and the pressure to get it done make us all cut corners), one cannot understand how there are no security audits and other procedures to detect such bugs even before the products are released. In theory all software should survive all faulty input, but that's only theory of course. But if you are writing security software, then "trust nothing" should be your first priority and strictly implemented in practice.
  7. Major blow to a company so well established
  8. Well, I'm not surprised. Everybody knew that Symantec had to f*ck up some time. The thing that sucks is I'm using Norton lol. Why doesn't Symantec simply fix the .dll and release it in an update?
  9. Symantec isn't great in my opinion, so I've stopped using it recently. I'm currently not using one but I am running on trial versions of different software to find what I find is good. So far, I'm split between AVG and McAfee. I'll probably go for the latter.
  10. Slower performance and bigger resources, and now a major vulnerability. Why use Norton?
