In association with heise online

12 September 2006, 13:04

Avast virus scanner vulnerable to code smuggling

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

A buffer overrun in the Avast virus scanner could be used by attackers to plant malicious code. The scan engine, which will soon also be performing its services in GData's anti-virus software, can be knocked off kilter during the processing of manipulated LHA archives with overlong header entries. This could, for example, allow attackers to exploit email attachments.

A security advisory from Hustlelabs indicates that the flaw can be reliably exploited. Desktop scan engines prior to version 4.7.869 and server engines earlier than 4.7.660 are vulnerable. They are included as OEM versions in numerous other products, including the Internet Anywhere eMailServer from TN North Software, Merak Email Server from IceWarp Software, MailMax Server from SmartMax Software and others.

The current scan engines no longer contain the error. They should have been fixed recently through their respective update mechanisms.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit