[security-alerts] FW: [SA19451] McAfee VirusScan DUNZIP32.dll Buffer Overflow Vulnerability

["Kazennov, Vladimir" <Vladimir.Kazennov@xxxxxxxxxx>]

> 
> 
> TITLE:
> McAfee VirusScan DUNZIP32.dll Buffer Overflow Vulnerability
> 
> SECUNIA ADVISORY ID:
> SA19451
> 
> VERIFY ADVISORY:
> http://secunia.com/advisories/19451/
> 
> CRITICAL:
> Less critical
> 
> IMPACT:
> System access
> 
> WHERE:
> From remote
> 
> SOFTWARE:
> McAfee VirusScan 10.x
> http://secunia.com/product/9052/
> McAfee SecurityCenter 6.x
> http://secunia.com/product/6437/
> 
> DESCRIPTION:
> A vulnerability has been discovered in McAfee VirusScan, which
> potentially can be exploited by malicious people to compromise a
> user's system.
> 
> The vulnerability is caused due to a boundary error in a 3rd-party
> compression library (DUNZIP32.dll) when processing virus definition
> files. This can be exploited to cause a buffer overflow via a
> specially crafted definition file.
> 
> The vulnerability is related to:
> SA12869
> 
> Successful exploitation requires that the user is e.g. tricked into
> updating the virus definition file from a malicious site.
> 
> The vulnerability has been reported in McAfee VirusScan version
> 10.0.21 included with McAfee SecurityCenter Agent version 6.0.0.16.
> Prior versions may also be affected.
> 
> SOLUTION:
> Update to the fixed version of DUNZUIP32.dll via online update.
> 
> PROVIDED AND/OR DISCOVERED BY:
> Originally discovered by eEye Digital Security and NGSSoftware in
> RealPlayer and RealOne.
> 
> Reported in McAfee VirusScan by:
> Juha-Matti Laurio
> 
> ORIGINAL ADVISORY:
> http://www.networksecurity.fi/advisories/mcafee-virusscan.html
> 
> OTHER REFERENCES:
> SA12869:
> http://secunia.com/advisories/12869/
>