Critical Symantec flaws threaten Exchange e-mail

Critical Symantec flaws threaten Exchange e-mail

Summary: There are currently a number of "highly critical" unpatched security flaws in Symantec Mail Security for Microsoft Exchange versions 4.x, 5.x, and 6.x, according to Secunia.

SHARE:

There are currently a number of "highly critical" unpatched security flaws in Symantec Mail Security for Microsoft Exchange versions 4.x, 5.x, and 6.x, according to Secunia.

In an advisory published on Monday, Secunia warned that companies could suffer remote systems access and denial of service due to unpatched parsing vulnerabilities in Symantec Mail Security for Microsoft Exchange, caused by third-party file viewers.

"Multiple vulnerabilities have been discovered in Symantec Mail Security for Exchange, which can be exploited by malicious people to cause a DoS (denial of service) and compromise a vulnerable system," the advisory, SA27429, stated. "The vulnerabilities are caused due to various errors within certain third-party file viewers and can be exploited to cause buffer overflows when a specially crafted file is checked."

The vulnerabilities have been confirmed in Symantec Mail Security for Exchange version 5.0.7.373, but Secunia warned that other versions may also be affected.

Secunia is currently not aware of any available patches, and advises businesses to disable the scanning of message content, if enabled.

Symantec had not responded to a request for comment at the time of writing.

Topics: Collaboration, Microsoft, Security, Symantec

Tom Espiner

About Tom Espiner

Tom is a technology reporter for ZDNet.com. He covers the security beat, writing about everything from hacking and cybercrime to threats and mitigation. He also focuses on open source and emerging technologies, all the while trying to cut through greenwash.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

0 comments
Log in or register to start the discussion