German | English
n.runs AG - Company
 
 
n.runs AG
Services by n.runs
IT INFRASTRUCTURE
IT SECURITY
IT BUSINESS CONSULTING
IT SOFTWARE

n.runs AG
Nassauer Straße 60
D-61440 Oberursel
Phone: +49 (0) 6171/699-0
Fax: +49 (0) 6171/699-199
E-mail: contact@nruns.com
Newsletter signup
Imprint

n.runs-SA-2006.002 AVG Anti-Virus - Arbitrary Code Execution (remote)

n.runs AG
http://www.nruns.com
n.runs-SA-2006.002

security(at)nruns.com
13-Nov-2006

* * *

Vendor: Grisoft Inc., http://grisoft.com
Product: AVG Anti-Virus
Vulnerability: Arbitrary Code Execution (remote)
Risk: HIGH

Vendor communication:
2006/08/24 initial notification to Grisoft Inc.
2006/08/24 Grisoft Inc. Response
2006/08/25 PGP keys exchange
2006/08/25 PoC files sent to Grisoft Inc.
2006/08/30 Bugs Confirmation, Timeframe Coordination for patchs development and testing
2006/09/20 Grisoft Inc. released Update with fixes

Overview:
Grisoft is focused on developing software solutions that provide protection from computer viruses. Grisoft's primary focus is to deliver the most comprehensive and proactive protection available on the market.

Distributed globally through resellers and through the internet, the AVG Anti-Virus product line supports all major operating systems and platforms. More than 40 million users around the world use Grisoft AVG products to protect their computers and networks.

Description:
Multiple vulnerabilities have been found in the file parsing engine.

In detail, the following flaws were determined:

- Heap Overflow through Integer Overflow in .CAB file parsing
- Uninitialized Variable flaw in .CAB file parsing.
- Divide by Zero in .DOC file parsing.
- Heap Overflow through Integer Overflow in .RAR file parsing
- Integer Issues in .EXE file parsing.


These problems can lead to remote arbitrary code execution if an attacker carefully crafts a file that exploits one or more of the aforementioned vulnerabilities. The vulnerabilities are present in AVG Antivirus software versions prior to 7.1.407.

Solution:
The vulnerabilities were reported on Aug 24 and the fixes were released on Sep 20. The updated software versions are available from http://www.grisoft.com/doc/10/lng/us/tpl/tpl01.

Credit:
Bugs found by Sergio Alvarez of n.runs AG.

References:
http://www.grisoft.com/doc/36365/lng/us/tpl/tpl01

Unaltered electronic reproduction of this advisory is permitted. For all other reproduction or publication, in printing or otherwise, contact security@nruns.com for permission. Use of the advisory constitutes acceptance for use in an "as is" condition. All warranties are excluded. In no event shall n.runs be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if n.runs has been advised of the possibility of such damages.

Copyright 2006 n.runs AG. All rights reserved. Terms of apply.
Penetration Test
 

27 Oct 2008:
Advisory: Eaton MGE OPS Network Shutdown Moduleauthentication bypass and code execution

* * *

21 Oct 2008:
Advisory: Internet Explorer HTML Object Memory Corruption

* * *

30 September 2008:
Corporate News
Figures from the first half of 2008 confirm expansion
+++ Revenues increase by around 30 percent to EUR 3.32m EBITDA improved
+++ by EUR 0.27m to EUR -0.35m Profit impacted by software investments,
+++ consulting profitable Outlook 2008


* * *

17 Sep 2008:
Corporate News
Microsoft selects n.runs as a member of the new program Microsoft Secure Development Lifecycle Pro Network
+++ n.runs AG exclusive member of Microsoft SDL Pro Network
+++ Only member of the MS SDL Pro Network on the European mainland
+++ Medium-term contribution to revenues in excess of 10 percent planned
* * *

10 Sep 2008:
Advisory alert:
Cross-Site Scripting Filter Evasion in various frameworks

* * *

10 Sep 2008:
Advisory alert: 
Horde Framework Cross-Site Scripting in filename MIME attachments

* * *

26 Aug 2008:
Press-release
IT Security for Governments and Military Organizations:
n.runs and Thales Now Co-operating


* * *

25 Aug 2008:
Press-release
Growing threat:
serious attacks on E-Mail-/AV systems constantly increasing n.runs introduces aps-AV – Protective cover for antivirus software


* * *

01 Aug 2008:
Advisory alert:  
MacOS X - CoreServices Framework's CarbonCore FrameworkArbitrary Code Execution