lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: Fri, 25 May 2007 09:02:26 +0200
From: <>
To: "'BugTraq'" <>,
Subject: n.runs-SA-2007.009 - Avast! Antivirus SIS parsing Arbitrary Code Execution Advisory

n.runs AG			               security(at)
n.runs-SA-2007.009                                           25-May-2007

Vendor:	           ALWIL Software a.s.,
Affected Product:      avast! antivirus
Vulnerability:         Arbitrary Code Execution (remote) 
Risk:                  HIGH

Vendor communication:

  2007/05/07		initial notification to ALWIL Software a.s.
  2007/05/07		ALWIL Software a.s. Response
  2007/05/07		PoC files sent to ALWIL Software a.s.
  2007/05/09		ALWIL Software a.s. Response
  2007/05/09		resent PoC files sent to ALWIL Software a.s.
  2007/05/09		ALWIL Software a.s. acknowledge the PoC files
  2007/05/10		ALWIL Software a.s. issued the fix for testing
  2007/05/16		ALWIL Software a.s. released Update with fixes

The company specializes in security software, with avast! antivirus being
the flagship product line. During the lifetime of the product line, avast!
products have become both award winning, and number one in a number of key
markets, as well as increasing market share year-on-year since first
international release.
On 11th May 2007 avastR! antivirus Home Edition reached 30 million
registered users.


A remotely exploitable vulnerability has been found in the file parsing

In detail, the following flaw was determined:

- Heap Overflow through Integer Cast Around in .SIS file parsing


This problem can lead to remote arbitrary code execution if an attacker
carefully crafts a file that exploits the aforementioned vulnerability. The
vulnerability is present in avast! Antivirus software versions prior to the
update Version 4.7.700. 

The vulnerability was reported on 07.May.2007 and an update has been issued
on 16.May.2007 to solve this vulnerability through the regular update

Bugs found by Sergio Alvarez of n.runs AG. 


This Advisory and Upcoming Advisories:

Unaltered electronic reproduction of this advisory is permitted. For all
other reproduction or publication, in printing or otherwise, contact for permission. Use of the advisory constitutes
acceptance for use in an "as is" condition. All warranties are excluded. In
no event shall n.runs be liable for any damages whatsoever including direct,
indirect, incidental, consequential, loss of business profits or special
damages, even if n.runs has been advised of the possibility of such damages.

Copyright 2007 n.runs AG. All rights reserved. Terms of apply.

Powered by blists - more mailing lists