Thread: NOD32 Antivirus Engine DOC and CHM Parsing Vulnerabilities
View Single Post
Old 21-12-2006, 11:32   #1
pedantic
Inactive
 
Join Date: Mar 2004
Location: Swinton
Services: O2 standard
Posts: 2,499
pedantic is cast in bronzepedantic is cast in bronzepedantic is cast in bronzepedantic is cast in bronze
pedantic is cast in bronzepedantic is cast in bronzepedantic is cast in bronzepedantic is cast in bronzepedantic is cast in bronzepedantic is cast in bronzepedantic is cast in bronzepedantic is cast in bronze
Send a message via Yahoo to pedantic
NOD32 Antivirus Engine DOC and CHM Parsing Vulnerabilities
Linky

Quote:
Secunia Advisory: SA23459
Release Date: 2006-12-21


Critical: Highly critical
Impact: DoS
System access
Where: From remote
Solution Status: Vendor Patch

Quote:

Description: Sergio Alvarez has reported some vulnerabilities in the NOD32 Antivirus engine, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system.

1) An integer-overflow within the parsing of DOC files can be exploited to cause a heap-based buffer overflow via a specially crafted DOC file.

Successful exploitation allows execution of arbitrary code.

2) A division-by-zero error within the parsing of CHM files can be exploited to cause a DoS via a specially crafted CHM file.

The vulnerabilities are reported in versions prior to 1.1743.

Solution: Update to the latest version.
Just a heads up, as this seems to be quite a popular AV with some CF members, and is listed as highly critical.


EDIT: This is only an advisory for people who haven't updated NOD32, as this was fixed sometime ago, but has still appeared on Secunia for some unknown reason.
pedantic is offline   Reply With Quote