lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <!&!AAAAAAAAAAAYAAAAAAAAAEqlc0sEqCZMjFiSy1tj+RPCgAAAEAAAAMJlWlZ831FKg2NQbAzDwRQBAAAAAA==@nruns.com>
Date: Mon, 13 Nov 2006 16:24:23 +0100
From: <security@...ns.com>
To: <full-disclosure@...ts.grok.org.uk>,
	"'BugTraq'" <bugtraq@...urityfocus.com>
Cc: darklab@...ts.darklab.org
Subject: AVG Anti-Virus - Arbitrary Code Execution (remote)

n.runs AG					   
http://www.nruns.com/			              security at nruns.com
n.runs-SA-2006.002                                           13-Nov-2006
________________________________________________________________________

Vendor:	           Grisoft Inc., http://grisoft.com
Product:               AVG Anti-Virus
Vulnerability:         Arbitrary Code Execution (remote) 

________________________________________________________________________

Vendor communication:

  2006/08/24		initial notification to Grisoft Inc.
  2006/08/24		Grisoft Inc. Response
  2006/08/25		PGP keys exchange
  2006/08/25		PoC files sent to Grisoft Inc.
  2006/08/30		Bugs Confirmation, Timeframe Coordination for patchs
development and testing
  2006/09/20		Grisoft Inc. released Update with fixes
________________________________________________________________________

Overview:
 
Grisoft is focused on developing software solutions that provide protection
from computer viruses. Grisoft's primary focus is to deliver the most
comprehensive and proactive protection available on the market. 

Distributed globally through resellers and through the internet, the AVG
Anti-Virus product line supports all major operating systems and platforms.
More than 40 million users around the world use Grisoft AVG products to
protect their computers and networks.


Description:

Multiple vulnerabilities have been found in the file parsing engine.

In detail, the following flaws were determined:

- Heap Overflow through Integer Overflow in .CAB file parsing
- Uninitialized Variable flaw in .CAB file parsing.
- Divide by Zero in .DOC file parsing.
- Heap Overflow through Integer Overflow in .RAR file parsing
- Integer Issues in .EXE file parsing.

These problems can lead to remote arbitrary code execution if an attacker
carefully crafts a file that exploits one or more of the aforementioned
vulnerabilities.  The vulnerabilities are present in AVG Antivirus software
versions prior to 7.1.407. 

Solution: 
The vulnerabilities were reported on Aug 24 and the fixes were released on
Sep 20. The updated software versions are available from 
http://www.grisoft.com/doc/10/lng/us/tpl/tpl01
________________________________________________________________________

Credit: 
Bugs found by Sergio Alvarez of n.runs AG. Thanks.

Thanks.
________________________________________________________________________

References: http://www.grisoft.com/doc/36365/lng/us/tpl/tpl01
________________________________________________________________________

The information provided is released by n.runs "as is" without warranty of
any kind. n.runs disclaims all warranties, either express or implied, expect
for the warranties of merchantability. In no eventshall n.runs be liable for
any damages whatsever including direct, indirect, incidental, consequential,
loss of business profits or special damages, even if n.runs has been advised
of the possibility of such damages.
Distribution or Reproduction of the information is provided that the
advisory is not modified in any way.

Copyright 2006 n.runs. All rights reserved. Terms of use.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ