NOD32 Antivirus DOC parsing Arbitrary Code Execution Advisory

Affected Products: ESET NOD32 Antivirus
Vulnerability: Arbitrary Code Execution (remote)
Risk: HIGH

Vendor communication:
2006/08/24 initial notification of ESET
2006/08/28 ESET Response
2006/08/29 PGP keys exchange
2006/08/29 PoC files sent to ESET
2006/09/06 ESET initial feedback
2006/09/08 ESET confirmed the bug and fixed it
2006/09/08 ESET made available the updates

Description:
Multiple vulnerabilities have been found in the file parsing engine.

In detail, the following flaws were identified:

- Divide by Zero in .CHM file parsing.
- Heap Overflow through Integer Overflow in .DOC File Parsing

The .DOC problem can lead to remote arbitrary code execution if an attacker carefully crafts a file that exploits the aforementioned vulnerabilities.
The vulnerabilities are present in NOD32 Antivirus software versions prior to the update v.1.1743.

Solution: The vulnerabilities were reported on Aug 24, and an update was issued on Sep 08 to fix them through the regular update mechanism.

Reference: http://www.securityfocus.com/archive/1/454949 (advisory published Dec. 20, 2006)

Published Wed, Dec 20 2006 18:47 by donna