Symantec Decomposer Engine Multiple Parsing Vulnerabilities
Just a quick note to Info Tech Service Providers and IT Service Desk Teams to make you aware of a recent announcement by Symantec and US-CERT about a vulnerability with the Symantec Decomposer Engine.
According to Symantec, parsing of maliciously-formatted container files may cause memory corruption, integer overflow or buffer overflow in Symantec’s Decomposer engine. Successful exploitation of these vulnerabilities typically results in an application-level denial of service but could result in arbitrary code execution. An attacker could potentially run arbitrary code by sending a specially crafted file to a user.
This issue was resolved via a maintenance patch release to the Symantec Endpoint Protection (SEP) client software for Microsoft Windows OS. Windows SEP clients updated to at least version 12.1.7004.6500 (aka 12.1.6 MP5) will be protected against this vulnerability.
How can I verify that my client has been patched?
Symantec Endpoint Protection (SEP) client running version 12.1.7004.6500 will have already received this update. Marshall University has updated our campus software distribution points to make this latest release available via background update to all currently managed clients. The update will require a reboot of the client computer in order to complete the upgrade process.
IT Information Security team will be working with IT Service Desk team to identify and remediate any SEP clients with out of date software versions. Please report any unresolved background update issues via MU Support ticket or an e-mail to firstname.lastname@example.org.
- Security Advisories Relating to Symantec Products – Symantec Decomposer Engine Multiple Parsing Vulnerabilities
- Symantec Releases Security Update
Symantec has released security updates to address vulnerabilities in multiple products. Exploitation of some of these vulnerabilities may allow an attacker to take control of an affected system and cause a denial-of-service condition. Users and administrators are encouraged to review Symantec Security Advisories SYM16-010(link is external) and SYM16-011(link is external) and apply the necessary updates.
Thank you for your continued attention to information security,
Jon B. Cutler, MS, CISSP
Chief Information Security Officer
Marshall University, Division of Information Technology
Drinko Library 324, 1 John Marshall Drive, Huntington, WV 25755
Phone: (304) 696-3270, @joncutler | BeHerd Feedback