TITLE: AhnLab V3 Antivirus ALZ/UUE/XXE Archive Handling Buffer Overflow SECUNIA ADVISORY ID: SA16851 VERIFY ADVISORY: http://secunia.com/advisories/16851/ CRITICAL: Highly critical IMPACT: System access WHERE: >From remote SOFTWARE: AhnLab V3Net for Windows Server 6.x http://secunia.com/product/5700/ AhnLab MyV3 http://secunia.com/product/5854/ AhnLab V3Pro 2004 (AhnLab V3 VirusBlock 2005) http://secunia.com/product/5699/ DESCRIPTION: Secunia Research has discovered a vulnerability in AhnLab V3 Antivirus, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error in the archive decompression library when reading the filename of a compressed file from an ALZ, UUE or XXE archive. This can be exploited to cause a stack-based buffer overflow (ALZ), or a heap-based buffer overflow (UUE/XXE), when a malicious ALZ/UUE/XXE archive is scanned. Successful exploitation allows arbitrary code execution, but requires that compressed file scanning is enabled. The vulnerability has been confirmed in the following products: * AhnLab V3Pro 2004 (AhnLab V3 VirusBlock 2005 international) (Build 6.0.0.457) * AhnLab V3Net for Windows Server 6.0 (Build 6.0.0.457) * AhnLab MyV3 with AzMain.dll 1.3.11.15 Prior versions may also be affected. SOLUTION: AhnLab V3Pro 2004 (V3 VirusBlock 2005 international): Update to version 6.0.0.488 via Smart Update. AhnLab V3Net for Windows Server 6.0: Update to version 6.0.0.488 via Smart Update. AhnLab MyV3: The vulnerability has reportedly been fixed in the vendor's Korean MyV3 website. PROVIDED AND/OR DISCOVERED BY: Tan Chew Keong, Secunia Research ORIGINAL ADVISORY: AhnLab: http://global.ahnlab.com/security/security_advisory002.html Secunia Research: http://secunia.com/secunia_research/2005-48/advisory/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------