Wed, Nov 15 2006 5:17
Don
AVG Anti-Virus Multiple File Parsing Vulnerabilities
Description:
Sergio Alvarez has reported some vulnerabilities in AVG Anti-Virus, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system.
1) An integer overflow error when parsing CAB archives can be exploited to cause a heap-based buffer overflow via a specially crafted CAB archive.
2) An unspecified error when parsing RAR archives can be exploited to cause a heap-based buffer overflow via a specially crafted RAR archive.
3) An uninitialized variable error exists within the parsing of CAB archives.
4) A division by zero error when parsing DOC files may in certain cases cause a DoS via a specially crafted DOC file.
5) An unspecified error exists within the parsing of EXE files.
The vulnerabilities are reported in AVG Anti-Virus software versions prior to 7.1.407.
Solution:
Update to the latest version.
Secunia Advisory