Symantec RAR Decomposer Engine (Multiple Products) - Out-of-Bounds Read / Out-of-Bounds Write

EDB-ID:

40405

CVE:

2016-5310 2016-5309

EDB Verified:

Author:

Google Security Research

Type:

dos

Exploit:   /  

Platform:

Multiple

Date:

2016-09-21

Vulnerable App: 
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=867

In issue 810 we pointed out to Symantec that they hadn't updated their unrar based unpacker for years, and it was vulnerable to dozens of publicly documented flaws.

I had expected Symantec to rebase on 5.4.2 (the latest version as of this writing), but they appear to have just backported fixes for the few issues I sent them.

Here are two known bugs in unrar that are fixed upstream, but not in Symantec's ancient code. If they continue to refuse to rebase, this might take a few iterations to shake the bugs out. Sigh.

As in issue 810, these are remote code execution vulnerabilities at the highest possible privilege level.


Proof of Concept:
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/40405.zip
Tags:
Advisory/Source: Link
Databases Links Sites Solutions
Exploits Search Exploit-DB OffSec Courses and Certifications
Google Hacking Submit Entry Kali Linux Learn Subscriptions
Papers SearchSploit Manual VulnHub OffSec Cyber Range
Shellcodes Exploit Statistics Proving Grounds
Penetration Testing Services
Exploits Google Hacking Papers Shellcodes
Search Exploit-DB Submit Entry SearchSploit Manual Exploit Statistics
OffSec Kali Linux VulnHub
Courses and Certifications Learn Subscriptions OffSec Cyber Range Proving Grounds Penetration Testing Services