>
>
> TITLE:
> AhnLab V3 Antivirus ALZ/UUE/XXE Archive Handling Buffer Overflow
>
> SECUNIA ADVISORY ID:
> SA16851
>
> VERIFY ADVISORY:
>
>
> CRITICAL:
> Highly critical
>
> IMPACT:
> System access
>
> WHERE:
> From remote
>
> SOFTWARE:
> AhnLab V3Net for Windows Server 6.x
>
> AhnLab MyV3
>
> AhnLab V3Pro 2004 (AhnLab V3 VirusBlock 2005)
>
>
> DESCRIPTION:
> Secunia Research has discovered a vulnerability in AhnLab V3
> Antivirus, which can be exploited by malicious people to compromise a
> vulnerable system.
>
> The vulnerability is caused due to a boundary error in the archive
> decompression library when reading the filename of a compressed file
> from an ALZ, UUE or XXE archive. This can be exploited to cause a
> stack-based buffer overflow (ALZ), or a heap-based buffer overflow
> (UUE/XXE), when a malicious ALZ/UUE/XXE archive is scanned.
>
> Successful exploitation allows arbitrary code execution, but requires
> that compressed file scanning is enabled.
>
> The vulnerability has been confirmed in the following products:
> * AhnLab V3Pro 2004 (AhnLab V3 VirusBlock 2005 international) (Build
> 6.0.0.457)
> * AhnLab V3Net for Windows Server 6.0 (Build 6.0.0.457)
> * AhnLab MyV3 with AzMain.dll 1.3.11.15
>
> Prior versions may also be affected.
>
> SOLUTION:
> AhnLab V3Pro 2004 (V3 VirusBlock 2005 international):
> Update to version 6.0.0.488 via Smart Update.
>
> AhnLab V3Net for Windows Server 6.0:
> Update to version 6.0.0.488 via Smart Update.
>
> AhnLab MyV3:
> The vulnerability has reportedly been fixed in the vendor's Korean
> MyV3 website.
>
> PROVIDED AND/OR DISCOVERED BY:
> Tan Chew Keong, Secunia Research
>
> ORIGINAL ADVISORY:
> AhnLab:
>
>
> Secunia Research:
>
>
>
