cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Veritas.com
Support

FYI: TechAlert for the EVConverterSandbox

JesusWept3
Level 6
Partner Accredited Certified

‎08-30-2011 12:33 PM

Hey everyone,
Earlier today a TechAlert was announced for all versions of Enterprise Vault that uses Stellant Outside In converters made by Oracle.
At issue is the ability to run a Denial Of Service attack as well as run arbitrary code when the Converters attempt to convert malicious email.attachments

Symantec issued hotfixes for EV8 SP5, EV9 base, EV9 SP1, EV9 SP2 and EV10.
Along with the updated path to fix the vulnerabilities is a performance hotfix for the Converters when handling certain types of Excel files

The techalert is published here:
http://www.symantec.com/business/support/index?page=content&id=TECH167455

US Cert published two sets of vulnerability guidance’s here:
http://www.kb.cert.org/vuls/id/103425
http://www.kb.cert.org/vuls/id/520721

Files that are vulnerable are:
Lotus 123 files
CorelDRAW files
Microsoft CAB files

A list of other vendors that use Stellant Outside in and are vulnerable are:
AccessData
ACD Systems International
Avantstar
Cisco Systems, Inc.
Dell Computer Corporation, Inc.
Good Technology
Guidance Software, Inc.
Hewlett-Packard Company
IBM Corporation
Kamel Software
kcura
Kroll Ontrack Inc
Lexmark International
Lucion
MarkLogic Corporation
McAfee
Microsoft Corporation
Motorola, Inc.
NewSoft America Inc
Novell, Inc.
Oracle Corporation
Paraben Corporation
Perlustro
Sharp Electronics Corporation
Stellent
Sun Microsystems, Inc.
Symantec
Westlaw
Windream gmbh
X1 Technologies Inc.

https://www.linkedin.com/in/alex-allen-turl-07370146
1 REPLY 1

GertjanA
Moderator
Moderator
Partner    VIP    Accredited Certified

‎08-31-2011 12:32 AM

Hello JW, I believe this is worth a sticky post?

Regards. Gertjan
0 Kudos