AVG Anti-Virus Multiple File Parsing Vulnerabilities

Affected Software: 
AVG Anti-Virus Free Edition 7.x
AVG Antivirus 6.x
AVG Antivirus Professional
AVG Antivirus Server


Sergio Alvarez has reported some vulnerabilities in AVG Anti-Virus, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system.


1) An integer overflow error when parsing CAB archives can be exploited to cause a heap-based buffer overflow via a specially crafted CAB archive.


2) An unspecified error when parsing RAR archives can be exploited to cause a heap-based buffer overflow via a specially crafted RAR archive.


3) An uninitialized variable error exists within the parsing of CAB archives.


4) A division by zero error when parsing DOC files may in certain cases cause a DoS via a specially crafted DOC file.


5) An unspecified error exists within the parsing of EXE files.


The vulnerabilities are reported in AVG Antivirus software versions prior to 7.1.407.
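Item 1 names the bug class without saying which CAB field is involved. The C code below is an added example, not AVG's code and not part of the advisory: it uses the standard CAB header layout (coffFiles at offset 16, cFiles at offset 28) to show a file-table bounds check that wraps in 32-bit arithmetic beside a checked form. The function names and the sample header are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define CFHEADER_SIZE 36u /* fixed part of the CAB header (CFHEADER) */
#define CFFILE_FIXED  16u /* fixed part of one CFFILE entry, name excluded */

static uint32_t rd16(const uint8_t *p) { return (uint32_t)p[0] | ((uint32_t)p[1] << 8); }
static uint32_t rd32(const uint8_t *p) { return rd16(p) | (rd16(p + 2) << 16); }

/* Flawed check: the end offset is computed in 32 bits and can wrap to a small value. */
int file_table_fits_wrapping(const uint8_t *cab, size_t len) {
    if (len < CFHEADER_SIZE || memcmp(cab, "MSCF", 4) != 0) return 0;
    uint32_t coff_files = rd32(cab + 16);           /* coffFiles */
    uint32_t c_files = rd16(cab + 28);              /* cFiles */
    uint32_t end = coff_files + c_files * CFFILE_FIXED;
    return end <= len;
}

/* Checked form: compare against the remaining length, never form the sum. */
int file_table_fits_checked(const uint8_t *cab, size_t len) {
    if (len < CFHEADER_SIZE || memcmp(cab, "MSCF", 4) != 0) return 0;
    uint32_t coff_files = rd32(cab + 16);
    size_t need = (size_t)rd16(cab + 28) * CFFILE_FIXED; /* at most 65535 * 16 */
    if (coff_files < CFHEADER_SIZE || coff_files > len) return 0;
    return need <= len - coff_files;
}

/* Constructed sample: writes a minimal header into buf (needs len >= 36). */
void build_sample_header(uint8_t *buf, size_t len, uint32_t coff_files, uint16_t c_files) {
    memset(buf, 0, len);
    memcpy(buf, "MSCF", 4);
    for (int i = 0; i < 4; i++) buf[16 + i] = (uint8_t)(coff_files >> (8 * i));
    buf[28] = (uint8_t)c_files;
    buf[29] = (uint8_t)(c_files >> 8);
}

int main(void) {
    uint8_t cab[64];
    build_sample_header(cab, sizeof cab, 0xFFFFFFF0u, 2); /* 0xFFFFFFF0 + 32 wraps to 0x10 */
    return file_table_fits_wrapping(cab, sizeof cab) == 1 &&
           file_table_fits_checked(cab, sizeof cab) == 0 ? 0 : 1;
}
```

A parser that trusts the wrapping check goes on to size or index a heap buffer from an offset far outside the input, which is how an integer overflow turns into the heap-based overflow the advisory describes.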


Solution: Update to the latest version.


http://secunia.com/advisories/22811/
