Vulnerability Description
Stack-based buffer overflow in Symantec Decomposer, as used in certain Symantec antivirus products including Symantec Scan Engine 5.1.2 and other versions before 5.1.6.31, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a malformed RAR file to the Internet Content Adaptation Protocol (ICAP) port (1344/tcp).
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Symantec | Scan Engine | <= 5.1.4.24 |
| Symantec | Symantec Antivirus Filtering Domino Mpe | <= 3.0.12 |
| Symantec | Symantec Antivirus Network Attached Storage | <= 4.3.16.39 |
| Symantec | Symantec Antivirus Scan Engine | <= 4.3.16.39 |
| Symantec | Symantec Antivirus Scan Engine Caching | <= 4.3.16.39 |
| Symantec | Symantec Antivirus Scan Engine Clearswift | <= 4.3.16.39 |
| Symantec | Symantec Antivirus Scan Engine For Microsoft Sharepoint | <= 4.3.16.39 |
| Symantec | Symantec Antivirus Scan Engine For Ms Isa | <= 4.3.16.39 |
| Symantec | Symantec Antivirus Scan Engine Messaging | <= 4.3.16.39 |
| Symantec | Symantec Mail Security For Microsoft Exchange | <= 4.6.5.12 |
Related Weaknesses (CWE)
References
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=667
- http://secunia.com/advisories/29140Vendor Advisory
- http://www.securityfocus.com/bid/27913
- http://www.securitytracker.com/id?1019503
- http://www.symantec.com/avcenter/security/Content/2008.02.27.html
- http://www.vupen.com/english/advisories/2008/0680
- http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=667
- http://secunia.com/advisories/29140Vendor Advisory
- http://www.securityfocus.com/bid/27913
- http://www.securitytracker.com/id?1019503
- http://www.symantec.com/avcenter/security/Content/2008.02.27.html
- http://www.vupen.com/english/advisories/2008/0680
FAQ
What is CVE-2008-0309?
CVE-2008-0309 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Stack-based buffer overflow in Symantec Decomposer, as used in certain Symantec antivirus products including Symantec Scan Engine 5.1.2 and other versions before 5.1.6.31, allows remote attackers to e...
How severe is CVE-2008-0309?
CVE-2008-0309 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-0309?
Check the references section above for vendor advisories and patch information. Affected products include: Symantec Scan Engine, Symantec Symantec Antivirus Filtering Domino Mpe, Symantec Symantec Antivirus Network Attached Storage, Symantec Symantec Antivirus Scan Engine, Symantec Symantec Antivirus Scan Engine Caching.