[security-alerts] FW: [SA22811] AVG Anti-Virus Multiple File Parsing Vulnerabilities

["Kazennov, Vladimir" <Vladimir.Kazennov@xxxxxxxxxx>]

> ----------------------------------------------------------------------
> 
> TITLE:
> AVG Anti-Virus Multiple File Parsing Vulnerabilities
> 
> SECUNIA ADVISORY ID:
> SA22811
> 
> VERIFY ADVISORY:
> http://secunia.com/advisories/22811/
> 
> CRITICAL:
> Highly critical
> 
> IMPACT:
> Unknown, DoS, System access
> 
> WHERE:
> From remote
> 
> SOFTWARE:
> AVG Anti-Virus Free Edition 7.x
> http://secunia.com/product/6489/
> AVG Antivirus 6.x
> http://secunia.com/product/335/
> AVG Antivirus Professional
> http://secunia.com/product/336/
> AVG Antivirus Server
> http://secunia.com/product/337/
> 
> DESCRIPTION:
> Sergio Alvarez has reported some vulnerabilities in AVG Anti-Virus,
> which can be exploited by malicious people to cause a DoS (Denial of
> Service) or potentially compromise a vulnerable system.
> 
> 1) An integer overflow error when parsing CAB archives can be
> exploited to cause a heap-based buffer overflow via a specially
> crafted CAB archive.
> 
> 2) An unspecified error when parsing RAR archives can be exploited to
> cause a heap-based buffer overflow via a specially crafted RAR
> archive.
> 
> 3) An uninitialized variable error exists within the parsing of CAB
> archives.
> 
> 4) A division by zero error when parsing DOC files may in certain
> cases cause a DoS via a specially crafted DOC file.
> 
> 5) An unspecified error exists within the parsing of EXE files.
> 
> The vulnerabilities are reported in AVG Antivirus software versions
> prior to 7.1.407.
> 
> SOLUTION:
> Update to the latest version.
> 
> PROVIDED AND/OR DISCOVERED BY:
> Sergio Alvarez, n.runs.
> 
> ORIGINAL ADVISORY:
> Grisoft:
> http://www.grisoft.com/doc/36365/lng/us/tpl/tpl01
>