TITLE:
NOD32 Antivirus Two Buffer Overflow Vulnerabilities
SECUNIA ADVISORY ID:
SA25375
VERIFY ADVISORY:
http://secunia.c
om/advisories/25375/
CRITICAL:
Moderately critical
IMPACT:
Privilege escalation, System access
WHERE:
>From remote
SOFTWARE:
NOD32 for Windows NT/2000/XP/2003 2.x
http://secunia.com/p
roduct/1066/
DESCRIPTION:
Ismael Briones has reported two vulnerabilities in Nod32
Antivirus,
which potentially can be exploited by malicious users to
gain
escalated privileges, or by malicious people to compromise
a
vulnerable system.
The vulnerabilities are caused due to boundary errors when
cleaning,
deleting, or renaming files detected as malware. These can
be
exploited to cause stack-based buffer overflows via a
specially
crafted directory containing malware with an overly long
directory or
path name.
Successful exploitation may allow execution of arbitrary
code.
The vulnerabilities are reported in versions prior to
2.70.37.
SOLUTION:
Update to version 2.70.39.
http://www.eset.com/download/registered_software.php
ORIGINAL ADVISORY:
ESET:
http://www.eset.
com/support/news.php
============= PCWorks Mailing List =================
Don't see your post? Check our posting guidelines &
make sure you've followed proper posting procedures,
http://pcworkers.com/r
ules.htm
Contact list owner <owner-pcworks imagicomm.com>
Unsubscribing and other changes: http://pcworkers.com
=====================================================
|
