Skip to main content

Symantec Products OLE File Parsing Integer Overflow Vulnerability

Last Update Date: 28 Jan 2011 Release Date: 8 Mar 2010 5520 Views

RISK: Medium Risk

A vulnerability has been identified in various Symantec products, which could be exploited by remote attackers to compromise a vulnerable system. This issue is caused by an integer overflow error in the Autonomy KeyView component, which could be exploited by attackers to execute arbitrary code via a malicious OLE document.


Impact

  • Remote Code Execution

System / Technologies affected

  • Symantec Mail Security for Domino versions 8.0.x
  • Symantec Mail Security for Domino versions 7.5.x
  • Symantec Mail Security for Microsoft Exchange versions 6.0.x
  • Symantec Mail Security for Microsoft Exchange versions 5.0.x
  • Symantec BrightMail Gateway versions 8.0.x
  • Symantec Mail Security for SMTP (EOL) versions 5.0.x
  • Symantec Data Loss Prevention Enforce/Detection Servers version 7.2
  • Symantec Data Loss Prevention Enforce/Detection Servers for Windows version 8.1.1
  • Symantec Data Loss Prevention Enforce/Detection Servers for Windows versions 9.x
  • Symantec Data Loss Prevention Enforce/Detection Servers for Windows versions 10.0
  • Symantec Data Loss Prevention Enforce/Detection Servers for Linux version 8.1.1
  • Symantec Data Loss Prevention Enforce/Detection Servers for Linux versions 9.x
  • Symantec Data Loss Prevention Enforce/Detection Servers for Linux versions 10.0
  • Symantec Data Loss Prevention Endpoint Agents version 8.1.1
  • Symantec Data Loss Prevention Endpoint Agents versions 9.x
  • Symantec Data Loss Prevention Endpoint Agents version 10.0
  • Symantec IM Manager 2007 versions 8.x

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

Apply fixes :
http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20100304_00


Vulnerability Identifier


Source