Crafted EXE files can inject code in ClamAV
Security service provider Secunia has discovered a vulnerability in the ClamAV open source virus scanner. Attackers can foist code on the appliction using manipulated
According a Secunia advisory, a boundary error in the
cli_scanpe() function in
libclamav/pe.c can cause a heap-based buffer overflow. Manipulated PE executables (Windows
.exe files) compressed with the Upack runtime packer can provoke this buffer overflow to inject and execute code.
ClamAV's developers apparently intend to release an updated version soon that will remedy the vulnerability in versions up to and including 0.92.1. Until then, administrators running ClamAV on their servers should check executable Windows files with a different virus scanner and install the ClamAV update as soon as it becomes available.
- ClamAV Upack Processing Buffer Overflow Vulnerability, Secunia security advisory
- Download the current version of ClamAV