Published:2005/05/12  Last Updated:2008/05/21

JVN#8EDB8A96
Virus Security heap overflow vulnerability

Overview

SourceNext Virus Security has a problem in the email processing. It is affected by a heap overflow vulnerability when receiving specially crafted emails.

Products Affected

  • 2.0.0.9 (K7SpmSrc.exe) and earlier
  • (Virus Security version 7.7.1120 and earlier)

Description

Impact

A remote attacker may cause a denial of service and execute arbitrary code with the Local System privilege.

Solution

Vendor Status

Vendor Status Last Update Vendor Notes
SOURCENEXT CORPORATION Vulnerable 2005/05/12

References

  1. LAC SNS Advisory No.81
    SourceNext Virus Security 2005 Heap Overflow

JPCERT/CC Addendum

Credit

Yuu Arai of LAC Co., Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendors under Information Security Early Warning Partnership.

Other Information

JPCERT Alert
JPCERT Reports
CERT Advisory
CPNI Advisory
TRnotes
CVE
JVN iPedia JVNDB-2005-000769

Update History