Vulnerability in BitDefender virus scanner fixed
BitDefender has just released information regarding a critical security vulnerability in its anti-virus products. According to this information, security services provider n.runs informed the company at the end of August of a heap overflow in the scanner when parsing packed PE files. This would apparently have permitted an attacker to inject malicious code onto a system and execute it. This affected not just products for home users, but also server solutions such as BitDefender for ISA Server, BitDefender for MS Exchange 2000, 2003, 5.5 and BitDefender Mail Protection for Enterprises. BitDefender fixed the bug within a few days.
It is not clear why this information is only now being published. BitDefender distributed the patch via its automatic update system, so that there should be no customers still running a vulnerable product. The situation is somewhat different for Symantec Enterprise product users. They are exposed to attacks by the Yellow Worm, which penetrates systems using a vulnerability discovered in May 2006. A patch to fix this vulnerability has been available since June, but because it was not distributed via the LiveUpdate system, it appears not to have been installed on all systems. Symantec Client Security and Symantec AntiVirus only use LiveUpdate to update virus signatures and not to update program versions. If an administrator misses a message regarding patches, his system may remain vulnerable.
- BitDefender AV Packed PE File Parsing Engine Heap Overflow, bug report from n.runs
- cevakrnl.xmd vulnerability, update information from BitDefender