More AV products suffer flaws


Vulnerabilities found in AntiVir and avast!.

Security defects in two anti-virus products have been reported by security watch company Secunia in the last week. While the AntiVir flaw involved data gathered by the update process, avast!’s problem was an overflow issue in the detection engine.


Avira’s AntiVir PersonalEdition 7.0 build 151 (Classic) is confirmed to have suffered the vulnerability, and other versions may also be affected. The problem, in the way the product’s updater program takes in data for its progress bar, could be exploited by a local user placing the right data into the right memory location, and could be used to gain admin access to the machine.

The avast! bug was an overflow allowed by a fault in the handling of LHA archives, which could be exploited using specially crafted files and could allow arbitrary code execution. It affects versions of the engine earlier than 4.7.869 for desktops and 4.7.660 for servers. The flaw was first found in July, and later updates are thought to contain a fix for the problem.


Secunia’s AntiVir alert is available here, while the avast! alert is here. The original research into the avast! problem is in this PDF.

Posted on 11 September 2006 by Virus Bulletin

