Thursday, July 31, 2008 2:13 PM
cmosby
AVG Anti-Virus UPX Processing Denial of Service - Secunia
AVG Anti-Virus UPX Processing Denial of Service
Secunia Advisory:
SA31290
Release Date:
2008-07-29
Critical:
Moderately critical
Impact:
DoS
Where:
From remote
Solution Status:
Vendor Patch
Software:
AVG Anti-Virus 8.x
Description:
Sergio ‘shadown’ Alvarez has reported a vulnerability in AVG Anti-Virus, which can be exploited by malicious people to cause a DoS (Denial of Service).
The vulnerability is caused due to a divide-by-zero error when processing UPX compressed executables. This can be exploited to cause the scanning engine to crash when scanning a specially crafted UPX compressed executable file.
The vulnerability affects versions prior to 8.0.156.
Solution:
Update to version 8.0.156 or later.
Provided and/or discovered by:
Sergio ‘shadown’ Alvarez
Original Advisory:
AVG:
http://www.grisoft.com/ww.94247n.runs AG:
http://www.nruns.com/advisories/%5Bn....g%20Divide%20by%20Zero%20Advisory.txt
Filed under: AntiVirus Information, Security, Software Vulnerabilites