In association with heise online

23 May 2007, 17:07

NOD32 executes malicious code

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Attackers may be able to inject malicious code into antivirus scanner NOD32. According to an entry at the Bugtraq security mailing list, attackers can get complete control of a vulnerable system if they manage, either locally or remotely, to save a file in a directory with a long path name. All versions of NOD32 prior to version, which was recently released via automatic update, allegedly contain the programming flaw.

Two buffer overflows occur when the susceptible pathnames are processed, causing the error. However, it is difficult to exploit. The overflow only occurs if the scanner disinfects, deletes, or renames a file in the folder. Furthermore, attackers have to formulate their malicious code so that it is displayed as a directory name encoded in Unicode. Nonetheless, a working exploit for the hole is said to exist. Users of NOD32 who install their updates manually are advised to do so immediately.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit