> ----------------------------------------------------------------------
>
> TITLE:
> NOD32 Antivirus Multiple File Processing Vulnerabilities
>
> SECUNIA ADVISORY ID:
> SA26124
>
> VERIFY ADVISORY:
>
>
> CRITICAL:
> Highly critical
>
> IMPACT:
> DoS, System access
>
> WHERE:
> From remote
>
> SOFTWARE:
> NOD32 for Domino 2.x
>
> NOD32 for DOS 1.x
>
> NOD32 for FreeBSD 1.x
>
> NOD32 for Linux 1.x
>
> NOD32 for MS Exchange Server 0.x
>
> NOD32 for NetBSD 1.x
>
> NOD32 for Novell Netware Server 1.x
>
> NOD32 for OpenBSD 1.x
>
> NOD32 for Windows 95/98/ME 2.x
>
> NOD32 for Windows NT/2000/XP/2003 2.x
>
>
> DESCRIPTION:
> Sergio Alvarez has reported some vulnerabilities in NOD32 Antivirus,
> which can be exploited by malicious people to cause a DoS (Denial of
> Service) or compromise a vulnerable system.
>
> 1) A race-condition error when processing CAB archives can be
> exploited to cause a heap corruption when e.g. scanning a specially
> crafted CAB archive.
>
> Successful exploitation may allow execution of arbitrary code.
>
> 2) A divide-by-zero error when processing Aspack and FSG packed files
> can be exploited to e.g. crash the application via a specially crafted
> Aspack or FSG packed file.
>
> 3) An integer-overflow error when processing Aspack packed files can
> be exploited to cause an infinite loop and consume large amounts of
> CPU resources via a specially crafted Aspack packed file.
>
> The vulnerabilities are reported in versions prior to update
> v.2.2289.
>
> SOLUTION:
> Apply update v.2.2289 or later.
>
> PROVIDED AND/OR DISCOVERED BY:
> Sergio Alvarez, n.runs AG
>
> ORIGINAL ADVISORY:
> n.runs AG:
>
> tivirus%20CAB%20parsing%20Arbitrary%20Code%20Execution%20Advisory.txt
>
> tivirus%20ASPACK%20and%20FSG%20parsing%20Divide%20by%20Zero%20
Advisory.txt
>
> tivirus%20ASPACK%20parsing%20Infinite%20Loop%20Advisory.txt
>
> ESET:
>
> iew&id=3469&Itemid=26
>
