PDA

Visualizza versione completa : avast! Antivirus ACE File Handling Two Vulnerabilities


Giorgius
21-07-2005, 12.40.16
Secunia Research has discovered two vulnerabilities in avast!, which can be exploited by malicious people to compromise a vulnerable system.

1) An input validation error during extraction of ACE archives for scanning can be exploited to write files to arbitrary directories. This can be exploited when scanning a malicious archive containing a file that has the "/../" directory traversal sequence or an absolute path in its filename.

2) A boundary error in the scanning of ACE archives can be exploited to cause a stack-based buffer overflow when scanning a specially crafted ACE archive containing a file with a filename of more than 290 bytes.

Successful exploitation allows execution of arbitrary code and writing of files to arbitrary directories, but requires ACE archive scanning to be enabled.

Leggi: http://secunia.com/advisories/15776/

zen67
22-07-2005, 14.06.01
Azz ma questi untori ci si mettono 24 ore su 24 a cercare il modo di rompere i marroni.....:grrr: