In association with heise online

14 April 2008, 16:24

Crafted EXE files can inject code in ClamAV

Security service provider Secunia has discovered a vulnerability in the ClamAV open source virus scanner. Attackers can inject code into the application using manipulated EXE files.

According to a Secunia advisory, a boundary error in the cli_scanpe() function in libclamav/pe.c can cause a heap-based buffer overflow. Manipulated PE executables (Windows .exe files) compressed with the Upack runtime packer can provoke this buffer overflow to inject and execute code.

ClamAV's developers apparently intend to release an updated version soon that will remedy the vulnerability in versions up to and including 0.92.1. Until then, administrators running ClamAV on their servers should check executable Windows files with a different virus scanner and install the ClamAV update as soon as it becomes available.
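One way to apply the interim advice on a scanning gateway, as an added example that is not part of the original article or of ClamAV: decide from the scanner's version banner and the file's first bytes whether a file should go to a different scanner. The function names, the "secondary" label, the sample banner and the assumption that every release after 0.92.1 carries the fix are hypothetical.

```python
import re
import struct

LAST_AFFECTED = (0, 92, 1)  # article: "versions up to and including 0.92.1"

def parse_version(banner):
    """(major, minor, patch) from a `clamscan --version` style banner."""
    m = re.match(r"ClamAV (\d+)\.(\d+)(?:\.(\d+))?", banner)
    if not m:
        raise ValueError(f"unrecognised banner: {banner!r}")
    return tuple(int(g or 0) for g in m.groups())

def is_affected(banner):
    # Assumption: every release after 0.92.1 carries the fix.
    return parse_version(banner) <= LAST_AFFECTED

def classify(data):
    """'pe', 'mz-only' (MZ magic, no valid PE signature) or 'other'."""
    if data[:2] != b"MZ":
        return "other"
    if len(data) < 0x40:
        return "mz-only"
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    # e_lfanew is attacker-controlled: bounds-check before following it.
    if e_lfanew + 4 > len(data):
        return "mz-only"
    return "pe" if data[e_lfanew:e_lfanew + 4] == b"PE\0\0" else "mz-only"

def route(banner, data):
    """Divert on the MZ magic alone while the scanner is unpatched.

    Malformed headers are diverted too: the gate must not depend on
    parsing the file more carefully than the vulnerable code does.
    """
    if is_affected(banner) and classify(data) != "other":
        return "secondary"
    return "clamav"

def make_sample(e_lfanew=0x40):
    """Constructed 0x40-byte DOS header followed by a PE signature."""
    hdr = bytearray(0x40)
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, e_lfanew)
    return bytes(hdr) + b"PE\0\0" + bytes(20)

if __name__ == "__main__":
    old = "ClamAV 0.92.1/6789/Mon Apr 14 10:00:00 2008"  # constructed banner
    for name, blob in [("pe", make_sample()), ("bad-offset", make_sample(0xFFFFFFF0)),
                       ("pdf", b"%PDF-1.4\n")]:
        print(name, classify(blob), route(old, blob))
```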
