
[NT] AVG Anti-Virus Arbitrary Code Execution

Subject: [NT] AVG Anti-Virus Arbitrary Code Execution
Date: 14 Nov 2006 15:10:09 +0200
The following security advisory is sent to the securiteam mailing list, and can 
be found at the SecuriTeam web site: http://www.securiteam.com



  AVG Anti-Virus Arbitrary Code Execution
------------------------------------------------------------------------


SUMMARY

Grisoft is "focused on developing software solutions that provide 
protection from computer viruses. Grisoft's primary focus is to deliver 
the most comprehensive and proactive protection available on the market.

Distributed globally through resellers and through the internet, the AVG 
Anti-Virus product line supports all major operating systems and 
platforms. More than 40 million users around the world use Grisoft AVG 
products to protect their computers and networks".

Multiple vulnerabilities have been found in AVG Anti-Virus's file parsing 
engine which allow attackers to overflow internal buffers and cause 
denial of service.

DETAILS

Vulnerable Systems:
 * AVG Antivirus software version 7.1.406 and prior

Immune Systems:
 * AVG Antivirus software version 7.1.407 or newer

In detail, the following flaws were determined:
 * Heap Overflow through Integer Overflow in .CAB file parsing
 * Uninitialized Variable flaw in .CAB file parsing.
 * Divide by Zero in .DOC file parsing.
 * Heap Overflow through Integer Overflow in .RAR file parsing
 * Integer Issues in .EXE file parsing.

These problems can lead to remote arbitrary code execution if an attacker 
carefully crafts a file that exploits one or more of the aforementioned 
vulnerabilities.  The vulnerabilities are present in AVG Antivirus 
software versions prior to 7.1.407.
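
The advisory gives no code-level detail, so the following is an added example, not AVG's code and not part of the original advisory: it shows the general "heap overflow through integer overflow" pattern named above and the size check that prevents it. The 16-byte entry record, the 4-byte count header and all function names are hypothetical, not the real CAB or RAR layout.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical 16-byte entry record; NOT the real CAB or RAR layout. */
#define ENTRY_SIZE 16u

/* The flawed pattern: a 32-bit product of a file-supplied count wraps modulo 2^32. */
uint32_t unchecked_table_size(uint32_t count) {
    return count * ENTRY_SIZE;
}

/* Hardened: reject a count whose table would overflow size_t or exceed the
 * bytes actually left in the file. Returns 0 and sets *need on success. */
int checked_table_size(uint32_t count, size_t remaining, size_t *need) {
    if (count == 0 || count > SIZE_MAX / ENTRY_SIZE)
        return -1;
    if ((size_t)count * ENTRY_SIZE > remaining)
        return -1;
    *need = (size_t)count * ENTRY_SIZE;
    return 0;
}

/* Input layout (constructed): 4-byte little-endian entry count, then entries. */
uint8_t *load_entry_table(const uint8_t *buf, size_t len, uint32_t *count_out) {
    size_t need;
    if (len < 4)
        return NULL;
    uint32_t count = (uint32_t)buf[0] | (uint32_t)buf[1] << 8 |
                     (uint32_t)buf[2] << 16 | (uint32_t)buf[3] << 24;
    if (checked_table_size(count, len - 4, &need) != 0)
        return NULL;
    uint8_t *table = malloc(need);
    if (table == NULL)
        return NULL;
    memcpy(table, buf + 4, need);   /* need <= len - 4, so the read stays in bounds */
    *count_out = count;
    return table;
}

int main(void) {
    /* Constructed header claiming 0x10000001 entries with only 16 bytes of data. */
    uint8_t bad[20] = {0x01, 0x00, 0x00, 0x10};
    uint32_t n = 0;
    printf("unchecked size: %u bytes\n", (unsigned)unchecked_table_size(0x10000001u));
    printf("hardened loader: %s\n", load_entry_table(bad, sizeof bad, &n) ? "accepted" : "rejected");
    return 0;
}
```

A parser that allocated `unchecked_table_size(count)` bytes and then processed `count` entries would write past the allocation; bounding the count by the bytes actually present in the file removes both the wraparound and the oversized read.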

Solution:
The vulnerabilities were reported on Aug 24 and the fixes were released on
Sep 20. The updated software versions are available from
http://www.grisoft.com/doc/10/lng/us/tpl/tpl01

Disclosure Timeline:
2006/08/24 - initial notification to Grisoft Inc.
2006/08/24 - Grisoft Inc. Response
2006/08/25 - PGP keys exchange
2006/08/25 - PoC files sent to Grisoft Inc.
2006/08/30 - Bugs Confirmation, Timeframe Coordination for patch 
development and testing
2006/09/20 - Grisoft Inc. released Update with fixes


ADDITIONAL INFORMATION

The information has been provided by Sergio Alvarez.
The original article can be found at:
http://www.grisoft.com/doc/36365/lng/us/tpl/tpl01


