Wednesday, April 09, 2008 2:30 PM cmosby

Symantec Mail Security for Exchange Attachment Parsing Vulnerabilities - Advisories - Secunia

 

Symantec Mail Security for Exchange Attachment Parsing Vulnerabilities

Secunia Advisory:
SA27763

Release Date:
2008-04-08

Last Update:
2008-04-09

Critical:
Highly critical

Impact:
System access

Where:
From remote

Solution Status:
Unpatched

Software:
Symantec Mail Security for Microsoft Exchange 5.x

CVE reference:
CVE-2007-5405
CVE-2007-5406
CVE-2007-6020

Description:
Secunia Research has discovered some vulnerabilities in Symantec Mail Security for Exchange, which can be exploited by malicious people to compromise a vulnerable system.

The vulnerabilities are caused by various errors within the third-party Folio Flat File reader (foliosr.dll) and Applix Graphics reader (kpagrdr.dll) and can be exploited to cause buffer overflows when a specially crafted file is checked.

For more information:
SA28209

Successful exploitation allows execution of arbitrary code, but requires that e.g. a policy is set up for scanning the contents of messages.

The vulnerabilities are confirmed in Symantec Mail Security for Exchange 5.0.7.373. Other versions may also be affected.

Solution:
Disable scanning of message content.
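
To find the servers where this workaround applies, the following added example (not part of the Secunia advisory or of Symantec's tooling) inventories the two reader DLLs named in the description. The search roots are an assumption, since the advisory gives no install path; pass -Root to point at the actual product directory.

```powershell
# Added example: inventory the third-party reader DLLs named in the advisory.
# Assumption: the default search roots are the Program Files directories;
# the advisory does not state where the product installs these files.
param(
    [string[]]$Root = @($env:ProgramFiles, ${env:ProgramFiles(x86)})
)

# File names taken from the advisory text.
$readerDlls = @('foliosr.dll', 'kpagrdr.dll')

$found = foreach ($dir in $Root) {
    # Skip empty entries (e.g. no x86 directory) and paths that do not exist.
    if (-not $dir -or -not (Test-Path -LiteralPath $dir)) { continue }

    # SilentlyContinue skips subdirectories the current account cannot read.
    Get-ChildItem -LiteralPath $dir -Recurse -File -ErrorAction SilentlyContinue |
        Where-Object { $readerDlls -contains $_.Name } |   # -contains is case-insensitive
        ForEach-Object {
            [pscustomobject]@{
                Host        = $env:COMPUTERNAME
                Path        = $_.FullName
                FileVersion = $_.VersionInfo.FileVersion
                Product     = $_.VersionInfo.ProductName
                LastWrite   = $_.LastWriteTimeUtc
                SHA256      = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
            }
        }
}

if ($found) {
    # Presence of a DLL is not proof of exposure: the advisory confirms the
    # issue in 5.0.7.373 and requires that message content is being scanned.
    Write-Warning ("{0} reader DLL(s) found; check the product version and whether content scanning is enabled." -f @($found).Count)
    $found    # emit objects so the result can be piped to Export-Csv
} else {
    Write-Output "No foliosr.dll or kpagrdr.dll found under: $($Root -join ', ')"
}
```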

Provided and/or discovered by:
Dyon Balding, Secunia Research.

Changelog:
2008-04-09: Updated advisory based on additional information from the vendor.

Original Advisory:
SYM08-010:
http://securityresponse.symantec.com/avcenter/security/Content/2008.04.08e.html

Secunia Research:
http://secunia.com/secunia_research/2007-98/
http://secunia.com/secunia_research/2007-105/

Source: Symantec Mail Security for Exchange Attachment Parsing Vulnerabilities - Advisories - Secunia
