In association with heise online

22 December 2008, 09:37

Vulnerabilities in several virus scanners [Update]


Secunia and IVIZ Techno have published reports of vulnerabilities in virus scanners. A vulnerable ActiveX control in Trend Micro's online scanner House Call can allow an attacker to infect a PC; all that is needed is for the victim to visit a malicious site. The problem can be found in House Call and users should remove the Housecall_ActiveX.dll and then visit the HouseCall site and install version

In ESET Smart Suite for Windows, a driver, epfw.sys, has a flaw that allows attackers to gain system privileges by sending particular IOCTL requests. An update for ESET fixes the problem.

AVG for Linux has an issue when parsing UPX packed files that is potentially usable for code injection exploits. It affects AVG for Linux 7.5.51 and there is no fix currently available. The Linux version of BitDefender suffers from integer overflows when analysing corrupted PE binaries that have been packed with Neolite or ASProtect packers, again allowing for remote code execution. In this case, the vendor has fixed the problem in versions after 7.6.0825.

Even Sophos Anti-Virus 4.33 for Linux has problems with certain types of packed files (Armadillo, ASProtect, asprotectSKE) and CAB archives, but so far these have only been observed to cause crashes. The problem with CAB files has been resolved, but no fix has been published for the packed files problem.

Update: In a statement, Sophos says "we cannot reproduce the packer-related vulnerabilities that Iviz mention. The samples they provided are scanned as expected, without crashing. As such we do not believe that our products are vulnerable in the way Iviz describe and there is no fix to publish. We have offered to work with Iviz should they have further evidence they can share with us."

A critical hole also exists in the Linux edition of Avast for Workstations v1.0.8 (trial), but this has been eliminated in later versions, with 1.2.0 currently available to download.
