Further vulnerabilities in anti-virus software
Having reported on Avast's anti-virus software, Sergio Alvarez from security company n.runs now seems to have turned his attention to Avira's Antivir product, in which he has discovered a number of security-related vulnerabilities. A buffer overflow which can be used to inject and execute code can occur when processing LZH compressed files. A division by zero can occur with UPX files and TAR files can cause the software to enter an infinite loop.
Avira has, however, been quick to react. Less than two weeks after being notified by Alvarez, the vendor has distributed AVPack version 7.03.00.09 and a new engine version 7.04.00.24, which fix the problem, to all customers.
- Avira Antivir Arbitrary Code Execution [LZH] advisory from n.runs
- Avira Antivir UPX parsing Divide by Zero advisory from n.runs
- Avira AntiVir Vulnerabilities Patrick Lichtner from Avira on the support forum