Jump to content
TCH-Thomas

Nod32 Antivirus Multiple File Processing Vulnerabilities

Recommended Posts

From: Secunia http://secunia.com/advisories/26124/

Rating: Highly critical

 

Description:

Sergio Alvarez has reported some vulnerabilities in NOD32 Antivirus, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system.

 

1) A race-condition error when processing CAB archives can be exploited to cause a heap corruption when e.g. scanning a specially crafted CAB archive.

 

Successful exploitation may allow execution of arbitrary code.

 

2) A divide-by-zero error when processing Aspack and FSG packed files can be exploited to e.g. crash the application via a specially crafted Aspack or FSG packed file.

 

3) An integer-overflow error when processing Aspack packed files can be exploited to cause an infinite loop and consume large amounts of CPU resources via a specially crafted Aspack packed file.

 

The vulnerabilities are reported in versions prior to update v.2.2289.

 

Solution:

Apply update v.2.2289 or later.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


×
×
  • Create New...