In association with heise online

24 May 2007, 15:38

Avast executes code from CAB files

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Security services provider n.runs has discovered a vulnerability in Alwil's Avast anti-virus product which allows attackers to inject malicious code onto affected systems using crafted CAB and SIS files. The flaw is due to an integer typecast in the routine for processing this file format, and results in a buffer overflow. Avast versions prior to 4.7.700 are affected. Alwil is distributing patches to fix this security vulnerability via the automatic update mechanism.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit