Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security FullDisclosure
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Full-disclosure] Panda Remote Heap Overflow

from [list] Network Security [Permanent Link]
Subject: [Full-disclosure] Panda Remote Heap Overflow
Date: Tue, 29 Nov 2005 16:01:42 +0000 
Date
November 29, 2005

Vulnerability
The Panda Antivirus Library provides file format support for virus analysis. 
During decompression of ZOO files Panda is vulnerable to a heap overflow 
allowing attackers complete control of the system(s) being protected. This 
vulnerability can be exploited remotely without user interaction in default 
configurations through common protocols such as SMTP. 

Impact
Successful exploitation of Panda protected systems allows attackers 
unauthorized control of data and related privileges. It also provides leverage 
for further network compromise. Panda implementations are likely vulnerable in 
their default configuration.

Affected Products
Due to the libraryâs modular design and core functionality: it is likely this 
vulnerability affects a substantial portion of Pandaâs gateway, server, and 
client antivirus enabled product lines on most platforms. 

http://www.pandasoftware.com/

Note: this library is also licensed to other venders with implementations that 
are likely affected, refer to Panda for specifics.

Details
http://www.rem0te.com/public/images/panda.pdf

Credit
This vulnerability was discovered and researched by Alex Wheeler.

Contact
security@rem0te.com




_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [Full-disclosure] Panda Remote Heap Overflow, list <=
Previous by Date:  Re: [Full-disclosure] Re: Google Talk cleartext credentials in processmemory, pagvac
Next by Date:  Re: [Full-disclosure] Paypal phishing attempt, Morning Wood
Previous by Thread:  [Full-disclosure] [SECURITY] [DSA 911-1] New gtk+2.0 packages fix several vulnerabilities, Martin Schulze
Next by Thread:  [Full-disclosure] Cisco Security Advisory: Cisco Security Agent Vulnerable to Privilege Escalation, Cisco Systems Product Security Incident Response Team
Indexes:  [Date] [Thread] [Top] [All Lists]