CVE-2007-3699

Severity

93%

Complexity

86%

Confidentiality

165%

The Decomposer component in multiple Symantec products allows remote attackers to cause a denial of service (infinite loop) via a certain value in the PACK_SIZE field of a RAR archive file header.

The Decomposer component in multiple Symantec products allows remote attackers to cause a denial of service (infinite loop) via a certain value in the PACK_SIZE field of a RAR archive file header.

CVSS 2.0 Base Score 9.3. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C).

Overview

Type

Symantec

First reported 17 years ago

2007-10-05 21:17:00

Last updated 12 years ago

2012-10-31 02:39:00

Affected Software

Symantec AntiVirus Scan Engine 4.0

4.0

Symantec AntiVirus Scan Engine 4.1

4.1

Symantec AntiVirus Scan Engine 4.1.8

4.1.8

Symantec AntiVirus Scan Engine 4.3

4.3

Symantec AntiVirus Scan Engine 4.3.3

4.3.3

Symantec Symantec AntiVirus Scan Engine 4.3.7.27

4.3.7.27

Symantec AntiVirus Scan Engine 4.3 build4.3.8.29

4.3.8.29

Symantec AntiVirus Scan Engine 4.3.12

4.3.12

Symantec AntiVirus Scan Engine 5.0

5.0

Symantec AntiVirus Scan Engine 5.0.1

5.0.1

Symantec BrightMail AntiSpam 4.0

4.0

Symantec BrightMail AntiSpam 5.5

5.5

Symantec BrightMail AntiSpam 6.0

6.0

Symantec BrightMail AntiSpam 6.0.1

6.0.1

Symantec BrightMail AntiSpam 6.0.2

6.0.2

Symantec BrightMail AntiSpam 6.0.3

6.0.3

Symantec BrightMail AntiSpam 6.0.4

6.0.4

Symantec Client Security 2.0

2.0

Symantec Client Security 2.0.1 MR1_b9.0.1.1000

2.0.1_build_9.0.1.1000

Symantec Client Security 2.0.2 MR2_b9.0.2.1000

2.0.2_build_9.0.2.1000

Symantec Client Security 2.0.3 MR3_b9.0.3.1000

2.0.3_build_9.0.3.1000

Symantec Client Security 2.0.4

2.0.4

Symantec Client Security 2.0.5 build1100

2.0.5_build_1100_mp1

Symantec Client Security 2.0.6 MR6

2.0.6

Symantec Client Security 3.0

3.0

Symantec Client Security 3.0.0.359

3.0.0.359

Symantec Client Security 3.0.1.1000

3.0.1.1000

Symantec Client Security 3.0.1.1001

3.0.1.1001

Symantec Client Security 3.0.1.1007

3.0.1.1007

Symantec Client Security 3.0.1.1008

3.0.1.1008

Symantec Client Security 3.0.2.2000

3.0.2.2000

Symantec Client Security 3.0.2.2001

3.0.2.2001

Symantec Client Security 3.0.2.2002

3.0.2.2002

Symantec Client Security 3.0.2.2010

3.0.2.2010

Symantec Client Security 3.0.2.2011

3.0.2.2011

Symantec Client Security 3.0.2.2020

3.0.2.2020

Symantec Client Security 3.0.2.2021

3.0.2.2021

Symantec Client Security 3.1.394

3.1.394

Symantec Client Security 3.1.396

3.1.396

Symantec Client Security 3.1.400

3.1.400

Symantec Mail Security 4.0 Domino Edition

4.0

Symantec Mail Security 4.5 build719 Exchange

4.5_build_719

Symantec Mail Security 4.5 build736 Microsoft Exchange

4.5_build_736

Symantec Mail Security 4.5 build741 Microsoft Exchange

4.5_build_741

Symantec Mail Security 4.6 build97 Microsoft Exchange

4.6_build_97

Symantec AntiVirus 9.0.4 MR4_build_1000 Corporate Edition

9.0.4

Symantec Norton Internet Security 2004 Professional Edition

2004

Symantec Symantec Web Security 3.0.1.59

3.01.59

Symantec Symantec Web Security 3.0.1.60

3.01.60

Symantec Symantec Web Security 3.0.1.61

3.01.61

Symantec Symantec Web Security 3.0.1.62

3.01.62

Symantec Symantec Web Security 3.0.1.63

3.01.63

Symantec Symantec Web Security 3.0.1.67

3.01.67

Symantec Symantec Web Security 3.0.1.68

3.01.68

Symantec Mail Security 8820 Appliance

References

36119

26053

Vendor Advisory

http://securityresponse.symantec.com/avcenter/security/Content/2007.07.11f.html

Patch

24282

ADV-2007-2508

http://www.zerodayinitiative.com/advisories/ZDI-07-039.html

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.