Secunia Advisory: SA19451
Release Date: 2006-03-30
Critical: Less critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch
Software: McAfee SecurityCenter 6.x, McAfee VirusScan 10.x
CVE reference: CVE-2004-1094
Description:
A vulnerability has been discovered in McAfee VirusScan, which can potentially be exploited by malicious people to compromise a user's system.
The vulnerability is caused by a boundary error in a 3rd-party compression library (DUNZIP32.dll) when processing virus definition files. This can be exploited to cause a buffer overflow via a specially crafted definition file.
The vulnerability is related to SA12869.
Successful exploitation requires that the user is, for example, tricked into updating the virus definition file from a malicious site.
The vulnerability has been reported in McAfee VirusScan version 10.0.21 included with McAfee SecurityCenter Agent version 6.0.0.16. Prior versions may also be affected.
Solution:
Update to the fixed version of DUNZIP32.dll via online update.
Secunia bulletin