Symantec Fixes Email Security Software Bug

Mail Security for SMTP software

By creating and sending an e-mail with malformed headers, a remote attacker could trigger a buffer overflow in the software, allowing them to execute malicious code with system privileges, according to a Thursday Symantec Deepsight Threat Management System advisory.

Symantec is investigating but has yet to confirm the vulnerability, which affects Mail Security for SMTP 5.0 and was reported by a third party, according to the advisory.

An earlier patch for Mail Security for SMTP 5.0 reportedly fixes the issue and is available on Symantec's support Website.

Danish security research firm Secunia said the flaw was 'highly critical,' its second highest severity rating, while Symantec Deepsight said it was 8.9 on a 10 point scale.

Sponsored post

Released last April, Symantec Mail Security for SMTP 5.0 marries antispam technology from the Cupertino, Calif.-based vendor's 2004 acquisition of Brightmail with Symantec's own antivirus, content filtering and message tracking technologies. The software brings these features together under a single management umbrella and also provides protection against phishing and data leakage.