Critical Symantec flaws threaten Exchange e-mail

There are currently a number of "highly critical" unpatched security flaws in Symantec Mail Security for Microsoft Exchange versions 4.x, 5.x, and 6.x, according to Secunia.

In an advisory published on Monday, Secunia warned that companies could suffer remote systems access and denial of service due to unpatched parsing vulnerabilities in Symantec Mail Security for Microsoft Exchange, caused by third-party file viewers.

"Multiple vulnerabilities have been discovered in Symantec Mail Security for Exchange, which can be exploited by malicious people to cause a DoS (denial of service) and compromise a vulnerable system," the advisory, SA27429, stated. "The vulnerabilities are caused due to various errors within certain third-party file viewers and can be exploited to cause buffer overflows when a specially crafted file is checked."

The vulnerabilities have been confirmed in Symantec Mail Security for Exchange version 5.0.7.373, but Secunia warned that other versions may also be affected.

Secunia is currently not aware of any available patches, and advises businesses to disable the scanning of message content, if enabled.

Symantec had not responded to a request for comment at the time of writing.