TITLE: AVG Anti-Virus Multiple File Parsing Vulnerabilities SECUNIA ADVISORY ID: SA22811
VERIFY ADVISORY: http://secunia.com/advisories/22811/ CRITICAL: Highly critical IMPACT: Unknown, DoS, System access WHERE: >From remote SOFTWARE: AVG Anti-Virus Free Edition 7.x http://secunia.com/product/6489/ AVG Antivirus 6.x http://secunia.com/product/335/ AVG Antivirus Professional http://secunia.com/product/336/ AVG Antivirus Server http://secunia.com/product/337/ DESCRIPTION: Vulnerabilities in AVG Anti-Virus, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system. 1) An integer overflow error when parsing CAB archives can be exploited to cause a heap-based buffer overflow via a specially crafted CAB archive. 2) An unspecified error when parsing RAR archives can be exploited to cause a heap-based buffer overflow via a specially crafted RAR archive. 3) An uninitialized variable error exists within the parsing of CAB archives. 4) A division by zero error when parsing DOC files may in certain cases cause a DoS via a specially crafted DOC file. 5) An unspecified error exists within the parsing of EXE files. The vulnerabilities are reported in AVG Antivirus software versions prior to 7.1.407. SOLUTION: Update to the latest version. ORIGINAL ADVISORY: Grisoft: http://www.grisoft.com/doc/36365/lng/us/tpl/tpl01 ============= PCWorks Mailing List ================= Don't see your post? Check our posting guidelines & make sure you've followed proper posting procedures, http://pcworkers.com/rules.htm Contact list owner <[EMAIL PROTECTED]> Unsubscribing and other changes: http://pcworkers.com =====================================================
