TUCoPS :: Security App Flaws :: tb11610.htm

Symantec AntiVirus Engine CAB Parsing Heap Overflow Vulnerability
ZDI-07-040: Symantec AntiVirus Engine CAB Parsing Heap Overflow Vulnerability
ZDI-07-040: Symantec AntiVirus Engine CAB Parsing Heap Overflow Vulnerability



WkRJLTA3LTA0MDogU3ltYW50ZWMgQW50aVZpcnVzIEVuZ2luZSBDQUIgUGFyc2luZyBIZWFwIE92
ZXJmbG93DQogICAgICAgICAgICBWdWxuZXJhYmlsaXR5DQpodHRwOi8vd3d3Lnplcm9kYXlpbml0
aWF0aXZlLmNvbS9hZHZpc29yaWVzL1pESS0wNy0wNDAuaHRtbA0KSnVseSAxMiwgMjAwNw0KDQot
LSBDVkUgSUQ6DQpDVkUtMjAwNy0wNDQ3DQoNCi0tIEFmZmVjdGVkIFZlbmRvcjoNClN5bWFudGVj
DQoNCi0tIEFmZmVjdGVkIFByb2R1Y3RzOg0KU3ltYW50ZWMgQW50aVZpcnVzIEVuZ2luZQ0KDQot
LSBUaXBwaW5nUG9pbnQoVE0pIElQUyBDdXN0b21lciBQcm90ZWN0aW9uOg0KVGlwcGluZ1BvaW50
IElQUyBjdXN0b21lcnMgaGF2ZSBiZWVuIHByb3RlY3RlZCBhZ2FpbnN0IHRoaXMNCnZ1bG5lcmFi
aWxpdHkgc2luY2UgTm92ZW1iZXIgMzAsIDIwMDYgYnkgRGlnaXRhbCBWYWNjaW5lIHByb3RlY3Rp
b24NCmZpbHRlciBJRCA0ODc1LiBGb3IgZnVydGhlciBwcm9kdWN0IGluZm9ybWF0aW9uIG9uIHRo
ZSBUaXBwaW5nUG9pbnQgSVBTOg0KDQogICAgaHR0cDovL3d3dy50aXBwaW5ncG9pbnQuY29tIA0K
DQotLSBWdWxuZXJhYmlsaXR5IERldGFpbHM6DQpUaGlzIHZ1bG5lcmFiaWxpdHkgYWxsb3dzIHJl
bW90ZSBhdHRhY2tlcnMgdG8gZXhlY3V0ZSBhcmJpdHJhcnkgY29kZSBvbg0Kc3lzdGVtcyB3aXRo
IGFmZmVjdGVkIGluc3RhbGxhdGlvbnMgb2YgU3ltYW50ZWMncyBBbnRpVmlydXMgRW5naW5lLg0K
VXNlciBpbnRlcmFjdGlvbiBpcyBub3QgcmVxdWlyZWQgdG8gZXhwbG9pdCB0aGlzIHZ1bG5lcmFi
aWxpdHkuDQoNClRoZSBzcGVjaWZpYyBmbGF3IGV4aXN0cyBkdXJpbmcgdGhlIHByb2Nlc3Mgb2Yg
c2Nhbm5pbmcgbXVsdGlwbGUNCm1hbGljaW91c2x5IGZvcm1hdHRlZCBDQUIgYXJjaGl2ZXMuIFRo
ZSBwYXJzaW5nIHJvdXRpbmUgaW1wbGljaXRseQ0KdHJ1c3RzIGNlcnRhaW4gdXNlci1zdXBwbGll
ZCB2YWx1ZXMgdGhhdCBjYW4gcmVzdWx0IGluIGFuIGV4cGxvaXRhYmxlDQpoZWFwIGNvcnJ1cHRp
b24uDQoNCi0tIFZlbmRvciBSZXNwb25zZToNClN5bWFudGVjIGhhcyBpc3N1ZWQgYW4gdXBkYXRl
IHRvIGNvcnJlY3QgdGhpcyB2dWxuZXJhYmlsaXR5LiBNb3JlDQpkZXRhaWxzIGNhbiBiZSBmb3Vu
ZCBhdDoNCg0KICAgIGh0dHA6Ly93d3cuc3ltYW50ZWMuY29tL2F2Y2VudGVyL3NlY3VyaXR5L0Nv
bnRlbnQvMjAwNy4wNy4xMWYuaHRtbA0KDQotLSBEaXNjbG9zdXJlIFRpbWVsaW5lOg0KMjAwNi4x
MS4wOSAtIFZ1bG5lcmFiaWxpdHkgcmVwb3J0ZWQgdG8gdmVuZG9yDQoyMDA2LjExLjMwIC0gRGln
aXRhbCBWYWNjaW5lIHJlbGVhc2VkIHRvIFRpcHBpbmdQb2ludCBjdXN0b21lcnMNCjIwMDcuMDcu
MTIgLSBDb29yZGluYXRlZCBwdWJsaWMgcmVsZWFzZSBvZiBhZHZpc29yeQ0KDQotLSBDcmVkaXQ6
DQpUaGlzIHZ1bG5lcmFiaWxpdHkgd2FzIGRpc2NvdmVyZWQgYnkgYW4gYW5vbnltb3VzIHJlc2Vh
cmNoZXIuDQoNCi0tIEFib3V0IHRoZSBaZXJvIERheSBJbml0aWF0aXZlIChaREkpOg0KRXN0YWJs
aXNoZWQgYnkgVGlwcGluZ1BvaW50LCBhIGRpdmlzaW9uIG9mIDNDb20sIFRoZSBaZXJvIERheSBJ
bml0aWF0aXZlDQooWkRJKSByZXByZXNlbnRzIGEgYmVzdC1vZi1icmVlZCBtb2RlbCBmb3IgcmV3
YXJkaW5nIHNlY3VyaXR5DQpyZXNlYXJjaGVycyBmb3IgcmVzcG9uc2libHkgZGlzY2xvc2luZyBk
aXNjb3ZlcmVkIHZ1bG5lcmFiaWxpdGllcy4NCg0KUmVzZWFyY2hlcnMgaW50ZXJlc3RlZCBpbiBn
ZXR0aW5nIHBhaWQgZm9yIHRoZWlyIHNlY3VyaXR5IHJlc2VhcmNoDQp0aHJvdWdoIHRoZSBaREkg
Y2FuIGZpbmQgbW9yZSBpbmZvcm1hdGlvbiBhbmQgc2lnbi11cCBhdDoNCg0KICAgIGh0dHA6Ly93
d3cuemVyb2RheWluaXRpYXRpdmUuY29tDQoNClRoZSBaREkgaXMgdW5pcXVlIGluIGhvdyB0aGUg
YWNxdWlyZWQgdnVsbmVyYWJpbGl0eSBpbmZvcm1hdGlvbiBpcyB1c2VkLg0KM0NvbSBkb2VzIG5v
dCByZS1zZWxsIHRoZSB2dWxuZXJhYmlsaXR5IGRldGFpbHMgb3IgYW55IGV4cGxvaXQgY29kZS4N
Ckluc3RlYWQsIHVwb24gbm90aWZ5aW5nIHRoZSBhZmZlY3RlZCBwcm9kdWN0IHZlbmRvciwgM0Nv
bSBwcm92aWRlcyBpdHMNCmN1c3RvbWVycyB3aXRoIHplcm8gZGF5IHByb3RlY3Rpb24gdGhyb3Vn
aCBpdHMgaW50cnVzaW9uIHByZXZlbnRpb24NCnRlY2hub2xvZ3kuIEV4cGxpY2l0IGRldGFpbHMg
cmVnYXJkaW5nIHRoZSBzcGVjaWZpY3Mgb2YgdGhlDQp2dWxuZXJhYmlsaXR5IGFyZSBub3QgZXhw
b3NlZCB0byBhbnkgcGFydGllcyB1bnRpbCBhbiBvZmZpY2lhbCB2ZW5kb3INCnBhdGNoIGlzIHB1
YmxpY2x5IGF2YWlsYWJsZS4gRnVydGhlcm1vcmUsIHdpdGggdGhlIGFsdHJ1aXN0aWMgYWltIG9m
DQpoZWxwaW5nIHRvIHNlY3VyZSBhIGJyb2FkZXIgdXNlciBiYXNlLCAzQ29tIHByb3ZpZGVzIHRo
aXMgdnVsbmVyYWJpbGl0eQ0KaW5mb3JtYXRpb24gY29uZmlkZW50aWFsbHkgdG8gc2VjdXJpdHkg
dmVuZG9ycyAoaW5jbHVkaW5nIGNvbXBldGl0b3JzKQ0Kd2hvIGhhdmUgYSB2dWxuZXJhYmlsaXR5
IHByb3RlY3Rpb24gb3IgbWl0aWdhdGlvbiBwcm9kdWN0Lg0KDQoNCkNPTkZJREVOVElBTElUWSBO
T1RJQ0U6IFRoaXMgZS1tYWlsIG1lc3NhZ2UsIGluY2x1ZGluZyBhbnkgYXR0YWNobWVudHMsCmlz
IGJlaW5nIHNlbnQgYnkgM0NvbSBmb3IgdGhlIHNvbGUgdXNlIG9mIHRoZSBpbnRlbmRlZCByZWNp
cGllbnQocykgYW5kCm1heSBjb250YWluIGNvbmZpZGVudGlhbCwgcHJvcHJpZXRhcnkgYW5kL29y
IHByaXZpbGVnZWQgaW5mb3JtYXRpb24uCkFueSB1bmF1dGhvcml6ZWQgcmV2aWV3LCB1c2UsIGRp
c2Nsb3N1cmUgYW5kL29yIGRpc3RyaWJ1dGlvbiBieSBhbnkgCnJlY2lwaWVudCBpcyBwcm9oaWJp
dGVkLiAgSWYgeW91IGFyZSBub3QgdGhlIGludGVuZGVkIHJlY2lwaWVudCwgcGxlYXNlCmRlbGV0
ZSBhbmQvb3IgZGVzdHJveSBhbGwgY29waWVzIG9mIHRoaXMgbWVzc2FnZSByZWdhcmRsZXNzIG9m
IGZvcm0gYW5kCmFueSBpbmNsdWRlZCBhdHRhY2htZW50cyBhbmQgbm90aWZ5IDNDb20gaW1tZWRp
YXRlbHkgYnkgY29udGFjdGluZyB0aGUKc2VuZGVyIHZpYSByZXBseSBlLW1haWwgb3IgZm9yd2Fy
ZGluZyB0byAzQ29tIGF0IHBvc3RtYXN0ZXJAM2NvbS5jb20uIAo

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH