DetailsThe first vulnerability is related to the decomposition of RAR files. Modifying the RAR file header in a specific way, causes the decomposer to enter an infinite loop causing a Denial of Service.The second vulnerability is related to the decomposition of CAB files.
The Symantec Decomposer fails to perform proper bounds checks when copying from the CAB archive. This may result in the possibility of arbitary code execution on the vulnerable system.NOTE:.
Norton Utilities Source Code
Only currently supported Symantec Products will be updated. Customers using unsupported versions are encouraged to upgrade to a supported versionThis issue is a candidate for inclusion in the Common Vulnerabilities and Exposures (CVE) list , which standardizes names for security problems. The CVE initiative has assigned CVE-2007-3699 for the RAR issue and CVE-2007-0447 for the CAB file issue. Symantec responseSymantec engineers have verified and corrected these issues in all currently supported products. Updates are available for supported products. Symantec recommends customers apply the latest product update available for their supported product versions to enhance their security posture and protect against potential security threats of this nature.Product updates will be available from the Symantec support site: or via LiveUpdate when available.Symantec Norton product users who regularly launch and run LiveUpdate should already have received an updated (non-vulnerable) version of (product/component).