Vulnerabilities galore

May was a month of flaw revelations, with vulnerabilities being disclosed in the products of no fewer than nine security vendors.

May was a month of flaw revelations, with vulnerabilities being disclosed in the products of no fewer than nine security vendors.

At the start of the month details were revealed of a vulnerability affecting

Alwil

,

Avira

and

Panda

products. The flaw involved an error in the handling of the .zoo archive format, and could have been exploited to cause an infinite loop, resulting in extreme CPU utilization or even denial of service.

Avira

‘s

Antivir

product also suffered three further potentially exploitable vulnerabilities. These involved errors when processing LZH files, TAR files and UPX-compressed files.

Also in early May,

Trend Micro

released details of two buffer-overflow issues, which were thought to be exploitable only from the local system. More buffer overflows were reported in

McAfee

and

CA

products. In a wide range of

McAfee

products, a buffer overflow error in the Subscription Manager ActiveX control meant that it was possible for code to be executed from malicious websites, resulting in system compromise and remote access. A number of

CA

‘s anti-virus and anti-spyware products were affected by two buffer overflows. The vulnerabilities, which could only have been exploited from the local system, could have allowed escalated privileges.

A flaw revealed in the ActiveX control of some of

Symantec

‘s

Norton

products could also have been exploited by malicious websites to bypass security measures and allow remote access. It proved to be a tricky month all round for

Symantec

, with a false positive in its

Norton Anti-virus

product range rendering thousands of Chinese computers unusable after it flagged both netapi32.dll and lsasrv.dll as the Haxdoor backdoor trojan on certain Simplified Chinese language versions of

Windows XP SP2

. A number of enterprise customers are seeking compensation for losses incurred as a result of the disruption.

Back to the month’s vulnerabilities: a flaw was revealed by

FrSIRT

in open source security software

ClamAV

. The flaw, which resides in the OLE2 parser, is potentially exploitable to cause denial of service. At the time of writing no official patch is available.

Finally, the end of the month saw news of vulnerabilities in

Eset

and

F-Secure

products. Two stack-overflow vulnerabilities were disclosed in

Eset

‘s

NOD32 AntiVirus

product, while

F-Secure

revealed a buffer overflow relating to LHA archive handling in a number of its products.

With the exception of the

ClamAV

flaw, patches for all vulnerabilities were available prior to the announcements being made. As always,

VB

urges users to ensure they are running the latest versions.

Posted on 01 June 2007 by

Virus Bulletin