Wed, Nov 15 2006 5:17
AVG Anti-Virus Multiple File Parsing Vulnerabilities
Sergio Alvarez has reported some vulnerabilities
in AVG Anti-Virus, which can be exploited by malicious people to cause
a DoS (Denial of Service) or potentially compromise a vulnerable system.
1) An integer overflow error when parsing CAB archives can be exploited
to cause a heap-based buffer overflow via a specially crafted CAB
2) An unspecified error when parsing RAR archives can be exploited to
cause a heap-based buffer overflow via a specially crafted RAR archive.
3) An uninitialized variable error exists within the parsing of CAB archives.
4) A division by zero error when parsing DOC files may in certain cases cause a DoS via a specially crafted DOC file.
5) An unspecified error exists within the parsing of EXE files.
The vulnerabilities are reported in AVG Antivirus software versions prior to 7.1.407.
Update to the latest version.
Filed under: Advisories / Bulletins