Vulnerability in Symantec Antivirus_scan_engine
CVE-2007-3699
The Decomposer component in multiple Symantec products allows remote attackers to cause a denial of service (infinite loop) via a certain value in the PACK_SIZE field of a RAR archive file header.
EPSS: 0.039 (88.9th percentile) — read the EPSS interpretation.
Affected products
- Symantec Antivirus_scan_engine — versions 4.0, 4.1, 4.1.8
- Symantec Brightmail_antispam — versions 4.0, 5.5, 6.0
- Symantec Client_security — versions 2.0, 2.0.1_build_9.0.1.1000, 2.0.2_build_9.0.2.1000
- Symantec Gateway_security_5000_series — versions 3.0.1
- Symantec Gateway_security_5400 — versions 2.0.1
- Symantec Mail_security — versions 4.0, 4.0.1, 4.1
- Symantec Mail_security_8820_appliance
- Symantec Norton_antivirus — versions 9.0, 9.0.0, 9.0.0.338
- Symantec Norton_internet_security — versions 3.0, 2004, 2005
- Symantec Norton_personal_firewall — versions 2006, 2006_9.1.0.33, 2006_9.1.1.7
References
- cve@mitre.org (x_refsource_SECUNIA, Vendor Advisory, third-party-advisory)
- cve@mitre.org (vdb-entry, x_refsource_VUPEN)
- cve@mitre.org (x_refsource_OSVDB, vdb-entry)
- cve@mitre.org (x_refsource_MISC)
- cve@mitre.org (x_refsource_CONFIRM, Patch)
- cve@mitre.org (vdb-entry, x_refsource_BID)