TITLE:
AVG Anti-Virus Multiple File Parsing Vulnerabilities
SECUNIA ADVISORY ID:
SA22811
VERIFY ADVISORY:
http://secunia.com/advisories/22811/
CRITICAL:
Highly critical
IMPACT:
Unknown, DoS, System access
WHERE:
From remote
SOFTWARE:
AVG Anti-Virus Free Edition 7.x
http://secunia.com/product/6489/
AVG Antivirus 6.x
http://secunia.com/product/335/
AVG Antivirus Professional
http://secunia.com/product/336/
AVG Antivirus Server
http://secunia.com/product/337/
DESCRIPTION:
Vulnerabilities have been reported in AVG Anti-Virus, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system.
1) An integer overflow error when parsing CAB archives can be exploited to cause a heap-based buffer overflow via a specially crafted CAB archive.
2) An unspecified error when parsing RAR archives can be exploited to cause a heap-based buffer overflow via a specially crafted RAR archive.
3) An uninitialized variable error exists within the parsing of CAB archives.
4) A division by zero error when parsing DOC files may in certain cases cause a DoS via a specially crafted DOC file.
5) An unspecified error exists within the parsing of EXE files.
The vulnerabilities are reported in AVG Antivirus software versions prior to 7.1.407.
SOLUTION:
Update to the latest version.
ORIGINAL ADVISORY:
Grisoft:
http://www.grisoft.com/doc/36365/lng/us/tpl/tpl01