The following security advisory is sent to the securiteam mailing list, and can
be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion
The SecuriTeam alerts list - Free, Accurate, Independent.
Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html
- - - - - - - - -
NOD32 Antivirus Multiple Vulnerabilities
------------------------------------------------------------------------
SUMMARY
Founded in 1992, <http://eset.com> ESET is "a global provider of security
software for enterprises and consumers. ESET's award-winning, antivirus
software system, NOD32, provides real-time protection from known and
unknown viruses, spyware, rootkits and other malware. NOD32 offers the
smallest, fastest and most advanced protection available, with more Virus
Bulletin 100% Awards than any other antivirus product". Multiple
vulnerabilities have been found in NOD32's Antivirus package.
DETAILS
Vulnerable Systems:
* ESET NOD32 Antivirus version 2.2288 and prior
Immune Systems:
* ESET NOD32 Antivirus version 2.2289 and newer
CAB parsing Arbitrary Code Execution Advisory
A remotely exploitable vulnerability has been found in the file parsing
engine.
In detail, a heap corruption can be caused through a race condition in
CAB file parsing.
Impact:
This problem can lead to remote arbitrary code execution if an attacker
carefully crafts a file that exploits the aforementioned vulnerability.
The vulnerability is present in NOD32 Antivirus software versions prior to
the update v.2.2289.
Solution:
The vulnerability was reported on May 07 and an update has been issued on
May 24 to solve this vulnerability through the regular update mechanism.
ASPACK parsing Infinite Loop Advisory
A remotely exploitable vulnerability has been found in the file parsing
engine.
In detail, an infinite loop through an integer overflow in ASPACK packed
files parsing.
Impact:
This problem can lead to remote denial of service provoked by high CPU
consume and exhaustion of storage resource if an attacker carefully crafts
a file that exploits the aforementioned vulnerability. The vulnerability
is present in NOD32 Antivirus software versions prior to the update
v.2.2289.
Solution:
The vulnerability was reported on May 07 and an update has been issued on
May 24 to solve this vulnerability through the regular update mechanism.
ASPACK and FSG parsing Divide by Zero Advisory
A remotely exploitable vulnerability has been found in the file parsing
engine.
In detail, a divide by zero in ASPACK and FSG packed files parsing.
Impact:
This problem can lead to remote denial of service if an attacker carefully
crafts a file that exploits the aforementioned vulnerability. The
vulnerability is present in NOD32 Antivirus software versions prior to the
update v.2.2289.
Solution:
The vulnerability was reported on May 07 and an update has been issued on
May 24 to solve this vulnerability through the regular update mechanism.
ADDITIONAL INFORMATION
The information has been provided by n.runs AG.
The original article can be found at:
<http://www.nruns.com/parsing-engines-advisories.php>
http://www.nruns.com/parsing-engines-advisories.php
========================================
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to:
list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to:
list-subscribe@securiteam.com
====================
====================
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any
kind.
In no event shall we be liable for any damages whatsoever including direct,
indirect, incidental, consequential, loss of business profits or special
damages.
