Vulnerabilities in several virus scanners [Update]
Secunia and iViZ Techno have published reports of vulnerabilities in virus scanners. A vulnerable ActiveX control in Trend Micro's online scanner HouseCall can allow an attacker to infect a PC; all that is needed is for the victim to visit a malicious site. The problem can be found in HouseCall 184.108.40.2068 and 220.127.116.118. Users should remove Housecall_ActiveX.dll, then visit the HouseCall site and install version 18.104.22.1685.
In ESET Smart Suite for Windows, a driver, epfw.sys, has a flaw that allows attackers to gain system privileges by using particular IOCTL requests. An update for ESET fixes the problem.
AVG for Linux has an issue when parsing UPX-packed files that could potentially be used for code injection. It affects AVG for Linux 7.5.51, and there is currently no fix available. The Linux version of BitDefender suffers from integer overflows when analysing corrupted PE binaries that have been packed with the Neolite or ASProtect packers, again allowing remote code execution. In this case, the vendor has fixed the problem in versions after 7.6.0825.
Even Sophos Anti-Virus 4.33 for Linux has problems with certain types of packed files (Armadillo, ASProtect, asprotectSKE) and CAB archives, but so far these have only been observed to cause crashes. The problem with CAB files has been resolved, but no fix has been published for the packed files problem.
Update: In a statement, Sophos says "we cannot reproduce the packer-related vulnerabilities that Iviz mention. The samples they provided are scanned as expected, without crashing. As such we do not believe that our products are vulnerable in the way Iviz describe and there is no fix to publish. We have offered to work with Iviz should they have further evidence they can share with us."
A critical hole also exists in the Linux edition of Avast for Workstations v1.0.8 (trial), but this has been eliminated in later versions, with 1.2.0 currently available to download.
- Trend Micro HouseCall "notifyOnLoadNative()" Vulnerability, Secunia advisory
- Bitdefender antivirus for Linux multiple vulnerabilities, iViZ advisory
- ESET Smart Security (epfw.sys) Privilege Escalation Vulnerability, NT Internals advisory
- Sophos Anti-Virus fuzzed CAB archive vulnerability reported, Sophos advisory
- Sophos Antivirus for Linux, iViZ advisory
- AVG antivirus for Linux, iViZ advisory
- Avast antivirus for Linux multiple vulnerabilities, iViZ advisory