Maybe you've heard that a gaggle of Symantec products were hit by a heap overflow in the past day or two. Just for some background, Alex Wheeler is the researcher responsible for finding this particular flaw, and as they say in New England, he's "wicked smaht".
Now that the props are out of the way, here's the lowdown on the bug: in the RAR processing of a scanned file, there's a heap overflow that can be exploited to run arbitrary code. Since the bug is in the library that's shared by the majority of the Symantec products, almost all of the Norton and SAV products are impacted. Trying to surgically disable the RAR processing functionality in these products is a nightmare. Not good news if you're running a SYMC product...
Posted by Ed at December 21, 2005 08:30 PM