Critical vulnerabilities in AVG closed
The innocuous change log entry "Fixed vulnerabilities in the archives and files parsing engine" belies the repair of several critical security holes as part of an AVG update by Grisoft several weeks ago. Sergio Alvarez from n.runs, who discovered the holes, has issued a security advisory to clear up the matter.
Grisoft in fact removed errors related to the processing of CAB and RAR archives, including integer overflows that could lead to heap-based buffer overflows and the execution of injected code. Word documents could also provoke a division-by-zero error, which at minimum could cause a denial of service (by crashing the scanner). Other problems included uninitialised variables in the CAB processing routines and general integer errors during the analysis of EXE executables.
AVG versions prior to 7.1.407 are affected. Support for the 7.1 series ends in January 2007, as a pop-up in the older software currently reminds users. Anyone still using that version or an even older one can switch to version 7.5, which does not contain the corresponding flaws and which is available to private users in a free version.
- Program update AVG 7.1.407, Change log from Grisoft
- AVG Anti-Virus - Arbitrary Code Execution (remote), error report from Sergio Alvarez at Full Disclosure
- Download of AVG-7.5-Free (no charge for private users)
(ehe)