ClamAV can trip over UPX-compressed .EXEs
A vulnerability in the open source virus scanner ClamAV enables attackers to execute arbitrary code on affected computers. The error can arise during the unpacking of programs compressed using the commonly used UPX format.
In a security advisory from overflow.pl, the hole's discoverer also linked to proof-of-concept code that exploits the vulnerability. Version 0.88.3 of ClamAV, and in all likelihood older versions, are affected.
The project's homepage is now offering version 0.88.4, which purportedly no longer contains the flaw. All users of ClamAV, in particular (mail) server administrators who rely on ClamAV, should update to the newer version ASAP.
- Clam AntiVirus Win32-UPX Heap Overflow, security advisory from overflow.pl
- Homepage with downloads of the current versions of ClamAV