I’m sure everyone has seen this but I couldn’t find out where it may be posted so if you’ve seen this…sorry.
TITLE:
avast! Antivirus ACE File Handling Two Vulnerabilities
SECUNIA ADVISORY ID:
SA15776
VERIFY ADVISORY:
http://secunia.com/advisories/15776/
CRITICAL:
Highly critical
IMPACT:
Manipulation of data, System access
WHERE:
From remote
SOFTWARE:
avast! Antivirus 4.x
http://secunia.com/product/5162/
DESCRIPTION:
Secunia Research has discovered two vulnerabilities in avast!, which
can be exploited by malicious people to compromise a vulnerable
system.
-
An input validation error during extraction of ACE archives for
scanning can be exploited to write files to arbitrary directories.
This can be exploited when scanning a malicious archive containing a
file that has the “/…/” directory traversal sequence or an absolute
path in its filename. -
A boundary error in the scanning of ACE archives can be exploited
to cause a stack-based buffer overflow when scanning a specially
crafted ACE archive containing a file with a filename of more than
290 bytes.
Successful exploitation allows execution of arbitrary code and
writing of files to arbitrary directories, but requires ACE archive
scanning to be enabled.
The vulnerabilities are related to:
SA14359
The vulnerabilities have been confirmed in avast! Home/Professional
Edition version 4.6.665 and Server Edition version 4.6.460. The
vendor has reported that avast! Managed Client is also affected.
SOLUTION:
Home/Professional Edition:
Update to version 4.6.691.
Server Edition:
Update to version 4.6.489.
Managed Client:
Update to version 4.6.394.