Series of products hit by vulnerabilities

Posted by   Virus Bulletin on   Jul 25, 2007

Researcher finds flaws in ESET, Panda and Norman AV software.

Researcher Sergio Alvarez has reported on vulnerabilities found in a string of anti-virus products this week, with software ranges from ESET, Panda and Norman all hit by serious buffer-overflow flaws, allowing remote access if exploited.

The ESET problems involve the handling of CAB archives and files packed with ASpack, with NOD32 anti-virus systems for most platforms affected. Norman's issues also affect archive handling, in this case ACE and LZH, as well as DOC files, while the Panda overflows can be caused by specially crafted executables; again, multiple products from both vendors are affected.

All the vulnerabilities have been patched by recent updates, and users should be sure they are running fully up-to-date software to ensure they are protected. Summaries of the flaws at Secunia are here (ESET), here (Norman) and here (Panda), while more detailed descriptions of the discoveries are in the initial reports from Alvarez on nruns.com.

Posted on 25 July 2007 by Virus Bulletin

twitter.png
fb.png
linkedin.png
googleplus.png
reddit.png

 

Latest posts:

VB2018 call for papers now open!

Have you analysed a new online threat? Do you know a new way to defend against such threats? Are you tasked with securing systems and fending off attacks? The call for papers for VB2018 is now open and we want to hear from you!

Book review: Serious Cryptography

VB Editor Martijn Grooten recommends Jean-Philippe Aumasson's 'Serious Cryptography' as a very solid but practically focused introduction to cryptography.

Necurs pump-and-dump spam campaign pushes obscure cryptocurrency

A Necurs pump-and-dump spam campaign pushing the lesser known Swisscoin botnet is mostly background noise for the Internet.

Alleged author of creepy FruitFly macOS malware arrested

A 28-year old man from Ohio has been arrested on suspicion of having created the mysterious FruitFly malware that targeted macOS and used it to spy on its victims.

The threat and security product landscape in 2017

At the start of the new year, Virus Bulletin looks back at the threats seen in the 2017 and at the security products that are available to help mitigate them.