3 matches found
CVE-2008-0308
CVE-2008-0308 affects Symantec Decomposer used in Symantec Scan Engine 5.1.2 and earlier versions up to 5.1.6.31. A specially crafted RAR file sent to ICAP port 1344 can cause memory exhaustion leading to DoS; some sources also mention possible arbitrary code execution under user privileges. Reme...
CVE-2012-4953
CVE-2012-4953 affects the legacy Symantec decomposer engine used by multiple products and versions: SEP 11.0, SEP SBE 12.0, SAVCE 10.x, and SSE before 5.2.8. The issue is improper bounds checking when parsing CAB archive contents, potentially allowing a remote attacker to crash the application or...
CVE-2008-0309
CVE-2008-0309 describes a stack-based buffer overflow in Symantec Decomposer used by Symantec Scan Engine and related products. When processing a malformed RAR file sent to ICAP port 1344/tcp, unauthenticated remote attackers could trigger arbitrary code execution or cause a denial of service. Af...