This host is installed with Symantec Product and is prone to memory corruption vulnerability.

Successful exploitation could allow remote attackers to execute arbitrary code or can cause a denial of service via a crafted CAB file. Impact Level: System/Application

Upgrade to Symantec Endpoint Protection (SEP) version 12.1 or later For updates refer to http://www.symantec.com/business/support/index?page=content&id=TECH163602 ***** NOTE: Ignore this warning if patch or mentioned workaround is applied already. For patch or workaround refer to http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20121107_00 *****

The decomposer engine in Symantec Products fails to perform bounds checking when parsing files from CAB archives.

Symantec Endpoint Protection (SEP) version 11.x Symantec Endpoint Protection Small Business Edition version 12.0.x Symantec AntiVirus Corporate Edition (SAVCE) version 10.x

• http://secunia.com/advisories/49248/
• http://www.kb.cert.org/vuls/id/985625
• http://www.osvdb.org/87403
• http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20121107_00

---

Updated on 2015-03-25