Secunia Advisory: SA25380
Release Date: 2007-05-24
Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch
Software: avast! Managed Client 4.x
avast! Server Edition 4.x
Description:
Sergio Alvarez has reported a vulnerability in avast!, which can be exploited by malicious people to compromise a vulnerable system.
The vulnerability is caused due to an error within the parsing of .CAB files and can be exploited to cause a heap-based buffer overflow via a specially crafted .CAB file.
Successful exploitation may allow execution of arbitrary code.
The vulnerability reportedly affects versions prior to 4.7.766 for servers and 4.7.700 for the Managed Client product.
Solution:
Update to the latest versions.
http://www.avast.com/eng/download.html
Bollettino Secunia
Release Date: 2007-05-24
Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch
Software: avast! Managed Client 4.x
avast! Server Edition 4.x
Description:
Sergio Alvarez has reported a vulnerability in avast!, which can be exploited by malicious people to compromise a vulnerable system.
The vulnerability is caused due to an error within the parsing of .CAB files and can be exploited to cause a heap-based buffer overflow via a specially crafted .CAB file.
Successful exploitation may allow execution of arbitrary code.
The vulnerability reportedly affects versions prior to 4.7.766 for servers and 4.7.700 for the Managed Client product.
Solution:
Update to the latest versions.
http://www.avast.com/eng/download.html
Bollettino Secunia