CVE-2008-0309

iDEFENSE Security Advisory 2008-02-26.2

Severity Score

9.8

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Stack-based buffer overflow in Symantec Decomposer, as used in certain Symantec antivirus products including Symantec Scan Engine 5.1.2 and other versions before 5.1.6.31, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a malformed RAR file to the Internet Content Adaptation Protocol (ICAP) port (1344/tcp).

Vulnerabilidad de Desbordamiento de búfer basado en pila en Symantec Decomposer incluído en productos como Symantec Scan Engine 5.1.2 y versiones anteriores a 5.1.6.31, que permite a atacantes remotos ejecutar código de su elección o causar una denegación de servicio (caída de aplicación) a través de un fichero RAR mal formado al puerto (1344/tcp) Internet Content Adaptation Protocol (ICAP)

Remote exploitation of a stack based buffer overflow vulnerability in Symantec Scan Engine version 5.1.2 could allow an unauthenticated attacker to execute arbitrary code with the privileges of the scan engine process. Symantec Scan Engine listens on TCP port 1344 to accept files for scanning using the Internet Content Adaptation Protocol (ICAP). If the service is sent a specially malformed RAR file, a stack-based buffer overflow will occur. iDefense has confirmed this vulnerability in the Linux build of the Symantec Scan Engine version 5.1.2. This issue does not affect the Windows build of the product. Previous versions are suspected to be vulnerable.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2008-01-16 CVE Reserved
2008-02-27 CVE Published
2024-08-07 CVE Updated
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CAPEC

References (6)

URL	Tag	Source
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=667	Third Party Advisory
http://www.securityfocus.com/bid/27913	Vdb Entry
http://www.securitytracker.com/id?1019503	Vdb Entry
http://www.symantec.com/avcenter/security/Content/2008.02.27.html	X_refsource_confirm
http://www.vupen.com/english/advisories/2008/0680	Vdb Entry

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
http://secunia.com/advisories/29140	2011-03-08

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Symantec Search vendor "Symantec"		Scan Engine Search vendor "Symantec" for product "Scan Engine"				<= 5.1.4.24 Search vendor "Symantec" for product "Scan Engine" and version " <= 5.1.4.24"		-		Affected
Symantec Search vendor "Symantec"		Symantec Antivirus Filtering Domino Mpe Search vendor "Symantec" for product "Symantec Antivirus Filtering Domino Mpe"				<= 3.0.12 Search vendor "Symantec" for product "Symantec Antivirus Filtering Domino Mpe" and version " <= 3.0.12"		aix		Affected
Symantec Search vendor "Symantec"		Symantec Antivirus Filtering Domino Mpe Search vendor "Symantec" for product "Symantec Antivirus Filtering Domino Mpe"				<= 3.0.12 Search vendor "Symantec" for product "Symantec Antivirus Filtering Domino Mpe" and version " <= 3.0.12"		linux		Affected
Symantec Search vendor "Symantec"		Symantec Antivirus Filtering Domino Mpe Search vendor "Symantec" for product "Symantec Antivirus Filtering Domino Mpe"				<= 3.0.12 Search vendor "Symantec" for product "Symantec Antivirus Filtering Domino Mpe" and version " <= 3.0.12"		solaris		Affected
Symantec Search vendor "Symantec"		Symantec Antivirus Network Attached Storage Search vendor "Symantec" for product "Symantec Antivirus Network Attached Storage"				<= 4.3.16.39 Search vendor "Symantec" for product "Symantec Antivirus Network Attached Storage" and version " <= 4.3.16.39"		-		Affected
Symantec Search vendor "Symantec"		Symantec Antivirus Scan Engine Search vendor "Symantec" for product "Symantec Antivirus Scan Engine"				<= 4.3.16.39 Search vendor "Symantec" for product "Symantec Antivirus Scan Engine" and version " <= 4.3.16.39"		-		Affected
Symantec Search vendor "Symantec"		Symantec Antivirus Scan Engine Caching Search vendor "Symantec" for product "Symantec Antivirus Scan Engine Caching"				<= 4.3.16.39 Search vendor "Symantec" for product "Symantec Antivirus Scan Engine Caching" and version " <= 4.3.16.39"		-		Affected
Symantec Search vendor "Symantec"		Symantec Antivirus Scan Engine Clearswift Search vendor "Symantec" for product "Symantec Antivirus Scan Engine Clearswift"				<= 4.3.16.39 Search vendor "Symantec" for product "Symantec Antivirus Scan Engine Clearswift" and version " <= 4.3.16.39"		-		Affected
Symantec Search vendor "Symantec"		Symantec Antivirus Scan Engine For Microsoft Sharepoint Search vendor "Symantec" for product "Symantec Antivirus Scan Engine For Microsoft Sharepoint"				<= 4.3.16.39 Search vendor "Symantec" for product "Symantec Antivirus Scan Engine For Microsoft Sharepoint" and version " <= 4.3.16.39"		-		Affected
Symantec Search vendor "Symantec"		Symantec Antivirus Scan Engine For Ms Isa Search vendor "Symantec" for product "Symantec Antivirus Scan Engine For Ms Isa"				<= 4.3.16.39 Search vendor "Symantec" for product "Symantec Antivirus Scan Engine For Ms Isa" and version " <= 4.3.16.39"		-		Affected
Symantec Search vendor "Symantec"		Symantec Antivirus Scan Engine Messaging Search vendor "Symantec" for product "Symantec Antivirus Scan Engine Messaging"				<= 4.3.16.39 Search vendor "Symantec" for product "Symantec Antivirus Scan Engine Messaging" and version " <= 4.3.16.39"		-		Affected
Symantec Search vendor "Symantec"		Symantec Mail Security For Microsoft Exchange Search vendor "Symantec" for product "Symantec Mail Security For Microsoft Exchange"				<= 4.6.5.12 Search vendor "Symantec" for product "Symantec Mail Security For Microsoft Exchange" and version " <= 4.6.5.12"		-		Affected
Symantec Search vendor "Symantec"		Symantec Mail Security For Microsoft Exchange Search vendor "Symantec" for product "Symantec Mail Security For Microsoft Exchange"				<= 5.0.4.363 Search vendor "Symantec" for product "Symantec Mail Security For Microsoft Exchange" and version " <= 5.0.4.363"		-		Affected