BitDefender Antivirus Scanner for Unices PE File Parsing Integer Overflows

ERCOLINO

Membro dello Staff
Amministratore
Registrato
3 Marzo 2003
Messaggi
246.125
Località
Torino
Secunia Advisory: SA33240

Release Date: 2008-12-19


Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch

Software: BitDefender Antivirus Scanner for Unices 7.x


Description:
Some vulnerabilities have been reported in BitDefender, which potentially can be exploited by malicious people to compromise a vulnerable system.

The vulnerabilities are caused due to integer overflows when processing certain PE files packed with NeoLite or ASProtect. This can potentially be exploited to execute arbitrary code via specially crafted PE files.

The vulnerabilities are reported in version 7.60825 and prior. Other versions may also be affected.

Solution:
Reportedly fixed via automatic updates since September 24, 2008.



Bollettino Sicurezza
 
Indietro
Alto Basso