Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security FullDisclosure
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Full-disclosure] n.runs-SA-2007.008 - Avast! Antivirus CAB parsing Arbi

from [security] Network Security [Permanent Link]
Subject: [Full-disclosure] n.runs-SA-2007.008 - Avast! Antivirus CAB parsing Arbitrary Code Execution Advisory
Date: Thu, 24 May 2007 12:38:28 +0200 
n.runs AG                                          
http://www.nruns.com/                                  security(at)nruns.com
n.runs-SA-2007.008                                           24-May-2007
________________________________________________________________________

Vendor:            ALWIL Software a.s., http://www.avast.com
Affected Product:      avast! antivirus
Vulnerability:         Arbitrary Code Execution (remote) 
Risk:                  HIGH
________________________________________________________________________

Vendor communication:

  2007/05/07            initial notification to ALWIL Software a.s.
  2007/05/07            ALWIL Software a.s. Response
  2007/05/07            PoC files sent to ALWIL Software a.s.
  2007/05/09            ALWIL Software a.s. Response
  2007/05/09            resent PoC files sent to ALWIL Software a.s.
  2007/05/09            ALWIL Software a.s. acknowledge the PoC files
  2007/05/10            ALWIL Software a.s. issued the fix for testing
  2007/05/16            ALWIL Software a.s. released Update with fixes
________________________________________________________________________

Overview:
 
The company specializes in security software, with avast! antivirus being
the flagship product line. During the lifetime of the product line, avast!
products have become both award winning, and number one in a number of key
markets, as well as increasing market share year-on-year since first
international release.
On 11th May 2007 avastR! antivirus Home Edition reached 30 million
registered users.

Description:

A remotely exploitable vulnerability has been found in the file parsing
engine.

In detail, the following flaw was determined:

- Heap Overflow through Integer Cast Around in .CAB file parsing


Impact:

This problem can lead to remote arbitrary code execution if an attacker
carefully crafts a file that exploits the aforementioned vulnerability. The
vulnerability is present in avast! Antivirus software versions prior to the
update Version 4.7.700. 

Solution: 
The vulnerability was reported on 07.May.2007 and an update has been issued
on 16.May.2007 to solve this vulnerability through the regular update
mechanism.
________________________________________________________________________

Credit: 
Bugs found by Sergio Alvarez of n.runs AG. 
________________________________________________________________________

References: 
http://www.avast.com/eng/adnm-management-client-revision-history.html
http://www.avast.com/eng/search.php?searchFor=sergio+alvarez

This Advisory and Upcoming Advisories:
http://www.nruns.com/security_advisory.php
________________________________________________________________________

Unaltered electronic reproduction of this advisory is permitted. For all
other reproduction or publication, in printing or otherwise, contact
security@nruns.com for permission. Use of the advisory constitutes
acceptance for use in an "as is" condition. All warranties are excluded. In
no event shall n.runs be liable for any damages whatsoever including direct,
indirect, incidental, consequential, loss of business profits or special
damages, even if n.runs has been advised of the possibility of such damages.


Copyright 2007 n.runs AG. All rights reserved. Terms of apply.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [Full-disclosure] n.runs-SA-2007.008 - Avast! Antivirus CAB parsing Arbitrary Code Execution Advisory, security <=
Previous by Date:  Re: [Full-disclosure] WordPress Community Vulnerable, Larry Seltzer
Next by Date:  Re: [Full-disclosure] WordPress Community Vulnerable, Valdis . Kletnieks
Previous by Thread:  [Full-disclosure] [OpenPKG-SA-2007.018] OpenPKG Security Advisory (freetype), OpenPKG GmbH
Next by Thread:  [Full-disclosure] [SECURITY] [DSA 1297-1] New gforge-plugin-scmcvs packages fix arbitrary shell command execution, Moritz Muehlenhoff
Indexes:  [Date] [Thread] [Top] [All Lists]