Security update for AVG virus scanner
AVG Technologies' virus scanner contains a DoS vulnerability that allows attackers to crash the scanner. The crash is caused by division by zero when processing UPX-packed files. The vendor has released update 8.0.156, which fixes the problem.
Also in this version, the Search-Shield components do not scan web sites for malicious content until the user clicks on the link on the search page. Previously, the link scanner pre-scanned all of the sites found by a Google search, for instance – the entire list shown on a search results page. This change is in response to massive criticism by network administrators that the link scanner would use too much bandwidth for its website analysis.
See also:
- AVG Antivirus UPX parsing Divide by Zero Advisory, nruns security advisory
- Program update AVG 8.0.156, description by AVG
(trk)