Researchers flag Symantec Mail Security flaws Staff

Attackers could exploit "highly critical" vulnerabilities in Symantec Mail Security for SMTP, Exchange and Domino to cause a denial of service and compromise targeted machines, researchers warned over the weekend.

Danish vulnerability clearinghouse Secunia issued three advisories on the flaws, all of which it labeled "highly critical," its second-highest severity designation typically reserved for remotely exploitable flaws that can lead to system compromise. Successful exploitation does not normally require any interaction but there are no known exploits available at the time of disclosure,

    Requires Free Membership to View

Secunia notes on its Web site.

Secunia advisory SA27429 describes multiple vulnerabilities in Symantec Mail Security for Exchange due to various errors within certain third-party file viewers. Attackers could exploit the flaws to cause buffer overflows when a specially crafted file is checked. Secunia is not aware of patches for these issues, and recommended users disable scanning of message content as a precaution.

Secunia advisory SA27388 describes similar vulnerabilities in Symantec Mail Security for Domino. Secunia noted the flaws are not yet patched and offered the same advice as in SA27429.

Secunia advisory SA27367 describes similar vulnerabilities in Symantec Mail for SMTP, but notes that Symantec quietly fixed the SMTP variant of the flaw with Patch 181 and 182 for version 5.0.1.

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: