> -----Original Message-----
> From: list@xxxxxxxxxx [mailto:list@xxxxxxxxxx]
> Sent: Tuesday, November 29, 2005 7:02 PM
> To: full-disclosure@xxxxxxxxxxxxxxxxx; bugtraq@xxxxxxxxxxxxxxxxx
> Subject: Panda Remote Heap Overflow
>
> Date
> November 29, 2005
>
> Vulnerability
> The Panda Antivirus Library provides file format support for
> virus analysis. During decompression of ZOO files Panda is
> vulnerable to a heap overflow allowing attackers complete
> control of the system(s) being protected. This vulnerability
> can be exploited remotely without user interaction in default
> configurations through common protocols such as SMTP.
>
> Impact
> Successful exploitation of Panda protected systems allows
> attackers unauthorized control of data and related
> privileges. It also provides leverage for further network
> compromise. Panda implementations are likely vulnerable in
> their default configuration.
>
> Affected Products
> Due to the library's modular design and core functionality:
> it is likely this vulnerability affects a substantial portion
> of Panda's gateway, server, and client antivirus enabled
> product lines on most platforms.
>
>
>
> Note: this library is also licensed to other venders with
> implementations that are likely affected, refer to Panda for
> specifics.
>
> Details
>
>
> Credit
> This vulnerability was discovered and researched by Alex Wheeler.
>
> Contact
> security@xxxxxxxxxx
>
>
>
>
>
