In Response to: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Application: Symantec Virus Detection(Free ActiveX) Vendors: http://security.symantec.com/sscv6/vc_scan.asp?langid=ie&venid=sym&plfid=23&pkj=WJDORSJRFSKLUKUMXCC&vc_scanstate=2 Platforms: Windows Bug: Buffer Overflow Risk: High - Running Arbitary Code Exploitation: Remote with browser Date: 1 Apr 2004 Author: Rafel Ivgi, The-Insider e-mail: the_insider mail com web: http://theinsider.deep-ice.com ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 1) Introduction 2) Bugs 3) The Code ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -------------------------------------snip----------------------------------------------------------------------------- Symantec has closely reviewed our Symantec Security Check based on Rafel Ivgi's finding in the referenced posting. We have confirmed there is no buffer overflow and no remote code execution issue in the Symantec Security Check application. However, Symantec engineers were able to recreate a very low risk process crash given a sufficently large quanity of data passed to the function in question. Following this scenerio, a user who recently ran a virus/security scan using Symantec Security Check could possibly see their browser crash were they to visit a malicious web site that was able to successfully exploit that issue. In no instance would the attacker be able to execute any remote code on the user system nor would the attacker gain access to any unauthorized information on the user's system through an attack against Symantec's Security Check application. Symantec takes the security and functionality of our products very seriously and we are addressing the process crash issue in Symantec Security Check. Symantec will work closely in cooperation with anyone who feels they have found an issue in a Symantec product. Contact secure@symantec.com. Symantec Product Security Team secure@symantec.com http://www.symantec.com/security
