AVG Anti-Virus Multiple File Parsing Vulnerabilities
TCH-Thomas
Secunia reports this as Highly critical.
Read more at: http://secunia.com/advisories/22811/

Description:
Sergio Alvarez has reported some vulnerabilities in AVG Anti-Virus, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system.

1) An integer overflow error when parsing CAB archives can be exploited to cause a heap-based buffer overflow via a specially crafted CAB archive.

2) An unspecified error when parsing RAR archives can be exploited to cause a heap-based buffer overflow via a specially crafted RAR archive.

3) An uninitialized variable error exists within the parsing of CAB archives.

4) A division by zero error when parsing DOC files may in certain cases cause a DoS via a specially crafted DOC file.

5) An unspecified error exists within the parsing of EXE files.

The vulnerabilities are reported in AVG Antivirus software versions prior to 7.1.407.

Solution:
Update to the latest version.
TCH-Bruce
Thanks Thomas
Head Guru
Finally for once, I replaced a product PRIOR to security issues being announced.

LOL
TCH-Don
Thanks Thomas