Security update for avast! anti-virus
Anti-virus software vendor Alwil has released an update for its avast! virus scanning engine, which fixes at least two security-related bugs. The engine used in versions prior to version 4.7.1098 of avast! 4 Home and Professional editions has vulnerabilities in the Tar and RAR unpacker, which could be exploited by an attacker to gain access to a system. According to the report, at least in the case of the Tar vulnerability, opening an e-mail or visiting a crafted website is sufficient to trigger this vulnerability.
Users of avast! should already have received the updated version 4.7.1098 via the automatic update system, although the program does ask users if they really want to install the new version. However, other anti-virus software vendors also use the avast! engine. But it is not clear whether the avast! Tar unpacker is also used or whether these companies use their own. GDATA's AntiVirusKit 2007 and 2008 make use of the avast engine and are therefore also vulnerable. GDATA plans to distribute a new version via its automatic update.
- Version 4.7.1098, avast! 4 Home/Professional revision history
- Avast! AntiVirus TAR Processing Remote Heap Corruption, security advisory from Nevis Labs