In association with heise online

22 July 2007, 11:02

Vulnerabilities in Panda Antivirus and NOD32

Security services provider n.runs has released a number of reports of vulnerabilities in Eset's NOD32 and in Panda's anti-virus packages which can be used by an attacker to crash the anti-virus program or even to inject and execute code on a victim's computer without user intervention. For the Panda product, reading a crafted EXE file, such as an e-mail attachment, is sufficient to provoke the problem. The report indicates that Panda fixed the problem just a few days ago, but does not reveal whether the fix is being distributed via the automatic update system.

The vulnerabilities in NOD32 were, according to n.runs, fixed in late May. It is not clear why this information is being published at this late stage. Processing of a crafted CAB archive by NOD32 is sufficient to trigger a heap overflow which can be exploited to inject code. In addition, files packed using ASPACK or FSG cause a crash or excess CPU usage on the system.

See also the following security advisories from n.runs:

(mba)

Permalink: http://h-online.com/-733300