n.runs AG - Management
 
 
n.runs AG
Nassauer Straße 60
61440 Oberursel
Phone: +49 (0) 6171/699-0
Fax: +49 (0) 6171/699-199
E-mail: contact@nruns.com

Anti-Virus Parsing Engines

Introduction
This is not a "Month of the Anti-Virus bugs", although it could have been (though it would then have been more apt to call it "Month of the Parsing bugs"). All bugs that are going to be released demonstrate what we see as the weakest link within the security vendor industry: parsing bugs.

Watch this Space for more


AVG Antivirus Divide by Zero - Denial of Service - 28/07/2008

A remotely exploitable vulnerability has been found in the file parsing engine. In detail, the following flaw was determined:

- A Denial of Service caused by a Divide by Zero while parsing UPX files.

Impact
This problem can lead to remote denial of service if an attacker carefully crafts a file that exploits the aforementioned vulnerability. The vulnerability is present in AVG Antivirus software versions prior to the program update AVG 8.0.156.

Vulnerable Products
   - AVG AntiVirus < 8.0.156




FRISK (F-Prot) Out-of-Bound Memory Access Denial of Service (remote) - 16/07/2008

A remotely exploitable vulnerability has been found in the file parsing engine. In detail, the following flaw was determined:

- DoS caused by an Out-of-Bound Memory Access while parsing a CHM file's header: if the value of the nb_dir field (chunk number of the root index chunk) is set to 0xffffffff, pointer arithmetic takes place and ends in an out-of-bound read attempt.

Impact
This problem can lead to remote denial of service if an attacker carefully crafts a file that exploits the aforementioned vulnerability. The vulnerability is present in the FRISK Anti-virus software mentioned above, on all platforms supported by the affected products prior to the engine Version 4.4.4.

Vulnerable Products
   - F-Prot Anti-Virus all platforms < 4.4.4




Sophos Antivirus - Arbitrary Code Execution [UPX] UPDATE - 03/09/2007

A remotely exploitable vulnerability has been found in the file parsing engine. In detail, the following flaw was determined:

- One BYTE Overwrite in Arbitrary Location caused by an Integer Handling issue while parsing the UPX format.

Impact
This problem can lead to remote denial of service or arbitrary code execution if an attacker carefully crafts a file that exploits the aforementioned vulnerability. The vulnerability is present in Sophos Anti-virus software listed above on all platforms supported by the affected products prior to the engine Version 2.48.0.

Vulnerable Products
- Sophos Anti-Virus for Windows, Sophos Anti-Virus for Unix/Linux < 2.48.0




ClamAV Remote Code Execution - 03/09/2007

A remotely exploitable vulnerability has been found in clamav-milter when used with sendmail. In detail, the following flaw was determined:

- Arbitrary code execution due to insecure call to popen()

Impact
This vulnerability can lead to remote code execution with root privileges, leading to a complete compromise of the vulnerable system. An attacker can inject shell commands into the recipient field of sendmail if clamav-milter was started with the black hole mode activated. The vulnerability is present in at least clamav version 0.91.1; prior versions may also be affected.

Vulnerable Products
- ClamAV, http://www.clamav.net




Sophos Antivirus Denial of Service [GZIP] - 24/08/2007

A remotely exploitable vulnerability has been found in the file parsing engine. In detail, the following flaw was determined:

- Infinite Loop in GZip file parsing

Impact
This problem can lead to a remote Denial of Service (DoS) situation through high CPU consumption and exhaustion of storage resources if an attacker carefully crafts a file that exploits the aforementioned vulnerability. The vulnerability is present in Sophos Anti-virus software mentioned above on all platforms supported by the affected products prior to the engine Version 2.48.0.

Vulnerable Products
- Sophos Anti-Virus for Windows, Sophos Anti-Virus for Unix/Linux < 2.48.0




Computer Associates eTrust Antivirus Denial of Service [CHM] - 25/07/2007

A remotely exploitable vulnerability has been found in the file parsing engine. In detail, the following flaw was determined:

- Infinite Loop in .CHM files parsing

Impact
This problem can lead to remote engine denial of service if an attacker carefully crafts a file that exploits the aforementioned vulnerability. The vulnerability is present in CA eTrust Antivirus software prior to file arclib.dll version 7.3.0.9.

Vulnerable Products
- CA eTrust Antivirus




Norman Antivirus Denial of Service [DOC] - 23/07/2007

A remotely exploitable vulnerability has been found in the file parsing engine. In detail, the following flaw was determined:

- Divide by Zero in .DOC OLE2 file parsing

Impact
This problem can lead to remote engine denial of service if an attacker carefully crafts a file that exploits the aforementioned vulnerability. The vulnerability is present in Norman Antivirus software since at least version 5.90.

Vulnerable Products
- All Norman Antivirus Solutions




Norman Antivirus Detection Bypass [DOC] - 23/07/2007

A remotely exploitable vulnerability has been found in the file parsing engine. In detail, the following flaw was determined:

- Detection Bypass through Integer Cast Around in .DOC OLE2 file parsing

Impact
This problem can lead to malicious code detection bypass if an attacker carefully crafts a file that exploits the aforementioned vulnerability. The vulnerability is present in Norman Antivirus software since at least version 5.90.

Vulnerable Products
- All Norman Antivirus Solutions




Norman Antivirus Arbitrary Code Execution [LZH] - 23/07/2007

Multiple remotely exploitable vulnerabilities have been found in the file parsing engine. In detail, the following flaws were determined:

- 3 (Three) Buffer Overflows through Integer Cast Around in .LZH file parsing

Impact
These problems can lead to remote arbitrary code execution if an attacker carefully crafts a file that exploits any of the aforementioned vulnerabilities. The vulnerabilities are present in Norman Antivirus software since at least version 5.90.

Vulnerable Products
- All Norman Antivirus Solutions




Norman Antivirus Arbitrary Code Execution [ACE] - 23/07/2007

A remotely exploitable vulnerability has been found in the file parsing engine. In detail, the following flaw was determined:

- Buffer Overflow through Integer Cast Around in .ACE file parsing

Impact
This problem can lead to remote arbitrary code execution if an attacker carefully crafts a file that exploits the aforementioned vulnerability. The vulnerability is present in Norman Antivirus software since at least version 5.90.

Vulnerable Products
- All Norman Antivirus Solutions




Panda Antivirus Arbitrary Code Execution [EXE] - 20/07/2007

A remotely exploitable vulnerability has been found in the file parsing engine. In detail, the following flaw was determined:

- Buffer Overflow through Integer Cast Around in .EXE file parsing

Impact
This problem can lead to remote arbitrary code execution if an attacker carefully crafts a file that exploits the aforementioned vulnerability. The vulnerability is present in Panda Antivirus software versions prior to the last update of 20.Jul.2007.

Vulnerable Products
- Panda Antivirus




ESET NOD32 Denial of Service [ASPACK+FSG] - 20/07/2007

A remotely exploitable vulnerability has been found in the file parsing engine. In detail, the following flaw was determined:

- Divide by Zero in ASPACK and FSG packed files parsing

Impact
This problem can lead to remote denial of service if an attacker carefully crafts a file that exploits the aforementioned vulnerability. The vulnerability is present in NOD32 Antivirus software versions prior to the update v.2.2289.

Vulnerable Products
- ESET NOD32 Antivirus < v.2.2289




ESET NOD32 Denial of Service [ASPACK] - 20/07/2007

A remotely exploitable vulnerability has been found in the file parsing engine. In detail, the following flaw was determined:

- Infinite Loop through Integer Overflow in ASPACK packed files parsing

Impact
This problem can lead to remote denial of service caused by high CPU consumption and exhaustion of storage resources if an attacker carefully crafts a file that exploits the aforementioned vulnerability. The vulnerability is present in NOD32 Antivirus software versions prior to the update v.2.2289.

Vulnerable Products
- ESET NOD32 Antivirus < v.2.2289




ESET NOD32 Arbitrary Code Execution [CAB] - 20/07/2007

A remotely exploitable vulnerability has been found in the file parsing engine. In detail, the following flaw was determined:

- Heap Corruption through Race Condition in .CAB file parsing

Impact
This problem can lead to remote arbitrary code execution if an attacker carefully crafts a file that exploits the aforementioned vulnerability. The vulnerability is present in NOD32 Antivirus software versions prior to the update v.2.2289.

Vulnerable Products
- ESET NOD32 Antivirus < v.2.2289




F-Secure Denial of Service [FSG] - 04/06/2007
A remotely exploitable vulnerability has been found in the file parsing engine. In detail, the following flaw was determined:

- Infinite Loop in FSG Parsing

This problem can lead to a Denial of Service condition if an attacker carefully crafts a file that exploits the aforementioned vulnerability.

Vulnerable Products
- F-Secure Anti-Virus for Workstations version 5.44 and earlier
- F-Secure Anti-Virus for Windows Servers version 5.52 and earlier
- F-Secure Anti-Virus for Citrix Servers version 5.52
- F-Secure Anti-Virus for MIMEsweeper version 5.61 and earlier
- F-Secure Anti-Virus Client Security version 6.03 and earlier
- F-Secure Anti-Virus for MS Exchange version 6.40 and earlier
- F-Secure Internet Gatekeeper version 6.60 and earlier
- F-Secure Internet Security 2005, 2006 and 2007
- F-Secure Anti-Virus 2005, 2006 and 2007
- Solutions based on F-Secure Protection Service for Consumers version 6.40 and earlier
- F-Secure Anti-Virus for Linux Servers version 4.65 and earlier
- F-Secure Anti-Virus for Linux Gateways version 4.65 and earlier
- F-Secure Anti-Virus Linux Client Security 5.30 and earlier
- F-Secure Anti-Virus Linux Server Security 5.30 and earlier
- F-Secure Internet Gatekeeper for Linux 2.16 and earlier




F-Secure Denial of Service [ARJ] - 04/06/2007
A remotely exploitable vulnerability has been found in the file parsing engine. In detail, the following flaw was determined:

- Infinite Loop in ARJ Parsing

This problem can lead to a Denial of Service condition if an attacker carefully crafts a file that exploits the aforementioned vulnerability.

Vulnerable Products
- F-Secure Anti-Virus for Workstations version 5.44 and earlier
- F-Secure Anti-Virus for Windows Servers version 5.52 and earlier
- F-Secure Anti-Virus for Citrix Servers version 5.52
- F-Secure Anti-Virus for MIMEsweeper version 5.61 and earlier
- F-Secure Anti-Virus Client Security version 6.03 and earlier
- F-Secure Anti-Virus for MS Exchange version 6.40 and earlier
- F-Secure Internet Gatekeeper version 6.60 and earlier
- F-Secure Internet Security 2005, 2006 and 2007
- F-Secure Anti-Virus 2005, 2006 and 2007
- Solutions based on F-Secure Protection Service for Consumers version 6.40 and earlier
- F-Secure Anti-Virus for Linux Servers version 4.65 and earlier
- F-Secure Anti-Virus for Linux Gateways version 4.65 and earlier
- F-Secure Anti-Virus Linux Client Security 5.30 and earlier
- F-Secure Anti-Virus Linux Server Security 5.30 and earlier
- F-Secure Internet Gatekeeper for Linux 2.16 and earlier




F-Secure Remote Code Execution [LZH] - 01/06/2007
A remotely exploitable vulnerability has been found in the file parsing engine. In detail, the following flaw was determined:

- Buffer Overflow through Integer wrap around in .LZH files parsing

This problem can lead to remote arbitrary code execution if an attacker carefully crafts a file that exploits the aforementioned vulnerability.

Vulnerable Products
- F-Secure Anti-Virus for Workstations version 5.44 and earlier
- F-Secure Anti-Virus for Windows Servers version 5.52 and earlier
- F-Secure Anti-Virus for Citrix Servers version 5.52
- F-Secure Anti-Virus for MIMEsweeper version 5.61 and earlier
- F-Secure Anti-Virus Client Security version 6.03 and earlier
- F-Secure Anti-Virus for MS Exchange version 6.40 and earlier
- F-Secure Internet Gatekeeper version 6.60 and earlier
- F-Secure Internet Security 2005, 2006 and 2007
- F-Secure Anti-Virus 2005, 2006 and 2007
- Solutions based on F-Secure Protection Service for Consumers version 6.40 and earlier
- F-Secure Anti-Virus for Linux Servers version 4.65 and earlier
- F-Secure Anti-Virus for Linux Gateways version 4.65 and earlier
- F-Secure Anti-Virus Linux Client Security 5.30 and earlier
- F-Secure Anti-Virus Linux Server Security 5.30 and earlier
- F-Secure Internet Gatekeeper for Linux 2.16 and earlier




Avira Antivir Denial of Service [TAR] - 30/05/2007
A remotely exploitable vulnerability has been found in the file parsing engine. In detail, the following flaw was determined:

- Infinite Loop in TAR Parsing

This problem can lead to remote arbitrary code execution if an attacker carefully crafts a file that exploits the aforementioned vulnerability.

Vulnerable Products
- Avira Antivir <7.03.00.09



Avira Antivir Denial of Service [UPX] - 29/05/2007
A remotely exploitable vulnerability has been found in the file parsing engine. In detail, the following flaw was determined:

- Divide by Zero in UPX packed files parsing

This problem can lead to remote arbitrary code execution if an attacker carefully crafts a file that exploits the aforementioned vulnerability.

Vulnerable Products
- Avira Antivir <7.03.00.09



Avira Antivir Arbitrary Code Execution [LZH] - 28/05/2007
A remotely exploitable vulnerability has been found in the file parsing engine. In detail, the following flaw was determined:

- Buffer Overflow through Integer Cast Around in .LZH file parsing

This problem can lead to remote arbitrary code execution if an attacker carefully crafts a file that exploits the aforementioned vulnerability.

Vulnerable Products
- Avira Antivir <7.03.00.09




AVAST! Heap Overflow [CAB] - 24/05/2007
A remotely exploitable vulnerability has been found in the file parsing engine. In detail, the following flaw was determined:

- Heap Overflow through Integer Cast Around in .CAB file parsing

This problem can lead to remote arbitrary code execution if an attacker carefully crafts a file that exploits the aforementioned vulnerability.

Vulnerable Products
- AVAST antivirus < 4.7.700




AVAST! Heap Overflow [SIS] - 24/05/2007
A remotely exploitable vulnerability has been found in the file parsing engine. In detail, the following flaw was determined:

- Heap Overflow through Integer Cast Around in .SIS file parsing

This problem can lead to remote arbitrary code execution if an attacker carefully crafts a file that exploits the aforementioned vulnerability.

Vulnerable Products
- AVAST antivirus < 4.7.700




ESET NOD32 Buffer Overflow [CAB] - 21/12/2006
A remotely exploitable vulnerability has been found in the file parsing engine. In detail, the following flaw was determined:

- Heap Overflow through Integer Overflow in .CAB file parsing

This problem can lead to remote arbitrary code execution if an attacker carefully crafts a file that exploits the aforementioned vulnerability.

Vulnerable Products
- NOD32 < v.1.1743




ESET NOD32 Buffer Overflow [DOC] - 20/12/2006
A remotely exploitable vulnerability has been found in the file parsing engine. In detail, the following flaw was determined:

- Heap Overflow through Integer Overflow in .DOC File Parsing
- Divide by Zero in .CHM file parsing

This problem can lead to remote arbitrary code execution if an attacker carefully crafts a file that exploits the aforementioned vulnerability.

Vulnerable Products
- NOD32 < v.1.1743



Bitdefender Packed PE File Heap Overflow - 15/12/2006
A remotely exploitable vulnerability has been found in the file parsing engine. In detail, the following flaw was determined:

- Heap Overflow through Integer Overflow in Packed PE File Parsing

Impact
This problem can lead to remote arbitrary code execution if an attacker carefully crafts a file that exploits the aforementioned vulnerability.

Vulnerable Products
- BitDefender Antivirus,
- BitDefender Antivirus Plus,
- BitDefender Internet Security,
- BitDefender Mail Protection for Enterprises,
- BitDefender Online Scanner,
- BitDefender for ISA Server,
- BitDefender for MS Exchange 2000,
- BitDefender for MS Exchange 2003,
- BitDefender for MS Exchange 5.5




AVG Anti-Virus Multiple Remote Code Execution - 13/11/2006
A remotely exploitable vulnerability has been found in the file parsing engine. In detail, the following flaw was determined:

- Heap Overflow through Integer Overflow in .CAB file parsing
- Uninitialized Variable flaw in .CAB file parsing.
- Divide by Zero in .DOC file parsing.
- Heap Overflow through Integer Overflow in .RAR file parsing
- Integer Issues in .EXE file parsing.

Impact
This problem can lead to remote arbitrary code execution if an attacker carefully crafts a file that exploits the aforementioned vulnerability.

Vulnerable Products
- AVG Antivirus software versions prior to 7.1.407
