08-30-2011 12:33 PM
Hey everyone,
Earlier today a TechAlert was announced for all versions of Enterprise Vault that uses Stellant Outside In converters made by Oracle.
At issue is the ability to run a Denial Of Service attack as well as run arbitrary code when the Converters attempt to convert malicious email.attachments
Symantec issued hotfixes for EV8 SP5, EV9 base, EV9 SP1, EV9 SP2 and EV10.
Along with the updated path to fix the vulnerabilities is a performance hotfix for the Converters when handling certain types of Excel files
The techalert is published here:
http://www.symantec.com/business/support/index?page=content&id=TECH167455
US Cert published two sets of vulnerability guidance’s here:
http://www.kb.cert.org/vuls/id/103425
http://www.kb.cert.org/vuls/id/520721
Files that are vulnerable are:
Lotus 123 files
CorelDRAW files
Microsoft CAB files
A list of other vendors that use Stellant Outside in and are vulnerable are:
AccessData
ACD Systems International
Avantstar
Cisco Systems, Inc.
Dell Computer Corporation, Inc.
Good Technology
Guidance Software, Inc.
Hewlett-Packard Company
IBM Corporation
Kamel Software
kcura
Kroll Ontrack Inc
Lexmark International
Lucion
MarkLogic Corporation
McAfee
Microsoft Corporation
Motorola, Inc.
NewSoft America Inc
Novell, Inc.
Oracle Corporation
Paraben Corporation
Perlustro
Sharp Electronics Corporation
Stellent
Sun Microsystems, Inc.
Symantec
Westlaw
Windream gmbh
X1 Technologies Inc.
08-31-2011 12:32 AM
Hello JW, I believe this is worth a sticky post?