full-disclosure-uk May 2007 archive
Main Archive Page > Month Archives  > full-disclosure-uk archives
full-disclosure-uk: [Full-disclosure] n.runs-SA-2007.008 - Avast

[Full-disclosure] n.runs-SA-2007.008 - Avast! Antivirus CAB parsing Arbitrary Code Execution Advisory

From: <security_at_nospam>
Date: Thu May 24 2007 - 10:38:28 GMT
To: <full-disclosure@lists.grok.org.uk>, "'BugTraq'" <bugtraq@securityfocus.com>

n.runs AG http://www.nruns.com/ security(at)nruns.com n.runs-SA-2007.008 24-May-2007
Vendor: ALWIL Software a.s., http://www.avast.com Affected Product: avast! antivirus Vulnerability: Arbitrary Code Execution (remote) Risk: HIGH

Vendor communication: 2007/05/07 initial notification to ALWIL Software a.s. 2007/05/07 ALWIL Software a.s. Response 2007/05/07 PoC files sent to ALWIL Software a.s. 2007/05/09 ALWIL Software a.s. Response 2007/05/09 resent PoC files sent to ALWIL Software a.s. 2007/05/09 ALWIL Software a.s. acknowledge the PoC files 2007/05/10 ALWIL Software a.s. issued the fix for testing 2007/05/16 ALWIL Software a.s. released Update with fixes


The company specializes in security software, with avast! antivirus being the flagship product line. During the lifetime of the product line, avast! products have become both award winning, and number one in a number of key markets, as well as increasing market share year-on-year since first international release.
On 11th May 2007 avastR! antivirus Home Edition reached 30 million registered users.


A remotely exploitable vulnerability has been found in the file parsing engine.

In detail, the following flaw was determined:

  • Heap Overflow through Integer Cast Around in .CAB file parsing


This problem can lead to remote arbitrary code execution if an attacker carefully crafts a file that exploits the aforementioned vulnerability. The vulnerability is present in avast! Antivirus software versions prior to the update Version 4.7.700.

The vulnerability was reported on 07.May.2007 and an update has been issued on 16.May.2007 to solve this vulnerability through the regular update mechanism.

Bugs found by Sergio Alvarez of n.runs AG.

http://www.avast.com/eng/adnm-management-client-revision-history.html http://www.avast.com/eng/search.php?searchFor=sergio+alvarez

This Advisory and Upcoming Advisories:

Unaltered electronic reproduction of this advisory is permitted. For all other reproduction or publication, in printing or otherwise, contact security@nruns.com for permission. Use of the advisory constitutes acceptance for use in an "as is" condition. All warranties are excluded. In no event shall n.runs be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if n.runs has been advised of the possibility of such damages.

Copyright 2007 n.runs AG. All rights reserved. Terms of apply.

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/