More AV products suffer flaws

Posted by   Virus Bulletin on   Sep 11, 2006

Vulnerabilities found in AntiVir and avast!.

Security defects in two anti-virus products have been reported by security watch company Secunia in the last week. While the AntiVir flaw involved data gathered by the update process, avast!'s problem was an overflow issue in the detection engine.

Avira's AntiVir PersonalEdition 7.0 build 151 (Classic) is confirmed to have suffered the vulnerability, and other versions may also be affected. The problem, in the way the product's updater program takes in data for its progress bar, could be exploited by a local user placing the right data into the right memory location, and could be used to gain admin access to the machine.

The avast! bug was an overflow allowed by a fault in the handling of LHA archives, which could be exploited using specially crafted files and could allow arbitrary code execution. It affects versions of the engine earlier than 4.7.869 for desktops and 4.7.660 for servers. The flaw was first found in July, and later updates are thought to contain a fix for the problem.

Secunia's AntiVir alert is available here, while the avast! alert is here. The original research into the avast! problem is in this PDF.

Posted on 11 September 2006 by Virus Bulletin

 Tags

twitter.png
fb.png
linkedin.png
hackernews.png
reddit.png

 

Latest posts:

VBSpam tests to be executed under the AMTSO framework

VB is excited to announce that, starting from the Q3 test, all VBSpam tests of email security products will be executed under the AMTSO framework.

In memoriam: Prof. Ross Anderson

We were very sorry to learn of the passing of Professor Ross Anderson a few days ago.

In memoriam: Dr Alan Solomon

We were very sorry to learn of the passing of industry pioneer Dr Alan Solomon earlier this week.

New paper: Nexus Android banking botnet – compromising C&C panels and dissecting mobile AppInjects

In a new paper, researchers Aditya K Sood and Rohit Bansal provide details of a security vulnerability in the Nexus Android botnet C&C panel that was exploited in order to gather threat intelligence, and present a model of mobile AppInjects.

New paper: Collector-stealer: a Russian origin credential and information extractor

In a new paper, F5 researchers Aditya K Sood and Rohit Chaturvedi present a 360 analysis of Collector-stealer, a Russian-origin credential and information extractor.

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.