Avira glitch removed
Avira, a producer of anti-virus software, has eliminated a vulnerability in all AntiVir products that could crash the unpacker module when crafted RAR archives are processed. The cause of the problem was a division by zero error in the unpacker module. Under rare circumstances, this is also said to have caused a NULL pointer dereference, though Avira doesn't believe it possible to execute injected code with specially prepared archives due to this bug. An automatic update issued last Friday is reckoned to have already resolved the problem.
Thierry Zoller, a security consultant, has also reported that an error in the Avira scheduler (sched.exe) could possibly be exploited in order to get system rights on a PC. The cause is claimed to be an insecure invocation of the Windows CreateProcess() function. Zoller says Avira will correct this bug in the next emergency update (EU2).
See also:
- Avira AntiVir - RAR Parser Denial of Service, security advisory from Thierry Zoller
- Avira AntiVir - Privilege Escalation, security advisory from Thierry Zoller
(trk)