iDefense Security Advisory 02.26.08 - Remote exploitation of a Denial of Service vulnerability in Symantec Scan Engine version 5.1.2 could allow an unauthenticated attacker to create a denial of service (DoS) condition. Symantec Scan Engine listens on TCP port 1344 to accept files for scanning using the Internet Content Adaptation Protocol (ICAP). If the service is sent a malformed RAR file, the service will consume massive amounts of memory. This can result in a denial of service condition for the application and operating system. iDefense confirmed the existence of this vulnerability in Symantec Scan Engine 5.1.2. This issue affects both the Windows and Linux builds of the product. Previous versions are suspected to be vulnerable.
a8d0c9bb8554be518607891bdcf3d22cf2d57140317ed7203d41bd4eb3437307