Critical Symantec flaws threaten Exchange e-mail

Summary:There are currently a number of "highly critical" unpatched security flaws in Symantec Mail Security for Microsoft Exchange versions 4.x, 5.x, and 6.x, according to Secunia.

There are currently a number of "highly critical" unpatched security flaws in Symantec Mail Security for Microsoft Exchange versions 4.x, 5.x, and 6.x, according to Secunia.

In an advisory published on Monday, Secunia warned that companies could suffer remote systems access and denial of service due to unpatched parsing vulnerabilities in Symantec Mail Security for Microsoft Exchange, caused by third-party file viewers.

"Multiple vulnerabilities have been discovered in Symantec Mail Security for Exchange, which can be exploited by malicious people to cause a DoS (denial of service) and compromise a vulnerable system," the advisory, SA27429, stated. "The vulnerabilities are caused due to various errors within certain third-party file viewers and can be exploited to cause buffer overflows when a specially crafted file is checked."

The vulnerabilities have been confirmed in Symantec Mail Security for Exchange version 5.0.7.373, but Secunia warned that other versions may also be affected.

Secunia is currently not aware of any available patches, and advises businesses to disable the scanning of message content, if enabled.

Symantec had not responded to a request for comment at the time of writing.

Topics: Collaboration, Microsoft, Security, Symantec

About

Tom is a technology reporter for ZDNet.com, writing about all manner of security and open-source issues.Tom had various jobs after leaving university, including working for a company that hired out computers as props for films and television, and a role turning the entire back catalogue of a publisher into e-books.Tom eventually found tha... Full Bio

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.