Avast virus scanner vulnerable to code smuggling
A buffer overrun in the Avast virus scanner could be used by attackers to plant malicious code. The scan engine, which will soon also be performing its services in GData's anti-virus software, can be knocked off kilter during the processing of manipulated LHA archives with overlong header entries. This could, for example, allow attackers to exploit email attachments.
A security advisory from Hustlelabs indicates that the flaw can be reliably exploited. Desktop scan engines prior to version 4.7.869 and server engines earlier than 4.7.660 are vulnerable. They are included as OEM versions in numerous other products, including the Internet Anywhere eMailServer from TN North Software, Merak Email Server from IceWarp Software, MailMax Server from SmartMax Software and others.
The current scan engines no longer contain the error. They should have been fixed recently through their respective update mechanisms.
- alwil avast! Anti-virus Engine Remote/Local Heap Overflow (pdf), security advisory from Hustlelabs
(ehe)