
Thread: Multiple AV vendor vulns - archived

  1. #1
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881


    FYI...

    Trend Micro OfficeScan vuln - updates available
    - http://atlas.arbor.net/briefs/index#-1118575019
    July 17, 2007 - "A malicious web request with an overly long session cookie can be sent to the Trend Micro OfficeScan web interface to trigger a buffer overflow in the component CGIOCommon.dll. Successful exploitation can allow the remote, anonymous attacker to execute code on the system with the permissions of the IIS web server. Trend Micro has released updated code to address this issue.
    Analysis: This is a relatively trivial attack to launch for most attackers. We have not yet seen tools to exploit this, but we expect that some will be developed soon."
    Source:
    > http://labs.idefense.com/intelligenc...lay.php?id=559
    7.16.07 - "...Trend Micro has addressed this vulnerability by releasing the following patches for affected products.
    CSM3.6 security patch 1149
    CSM3.5 security patch 1152
    CSM3.0 security patch 1209
    http://www.trendmicro.com/download/p...p?productid=39
    OSCE 8.0 security patch 1042
    OSCE 7.3 security patch 1293
    OSCE 7.0 security patch 1364
    OSCE 6.5 security patch 1364
    OSCE 6.0 for SMB2.0 security patch 1398
    http://www.trendmicro.com/download/p...sp?productid=5 ..."

    .
    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  2. #2
    Adviser Team AplusWebMaster's Avatar

    Updated:

    Symantec AntiVirus Malformed RAR and CAB Compression Type Bypass - SYM07-019
    - http://www.symantec.com/avcenter/sec...07.07.11f.html
    Last modified on: Wednesday, 18-Jul-07 16:53:13 ...
    Revision History:
    Removed invalid CVE information
    Added missing product information
    Updated Symantec AntiVirus Corporate Edition version information
    Added information and link to new update tool for Symantec AntiVirus and Symantec Client Security
    Risk Impact: High
    Remote Access: -Yes- ...

    > http://service1.symantec.com/SUPPORT...07071111591448
    Last Modified: 07/18/2007


  3. #3
    Adviser Team AplusWebMaster's Avatar

    FYI...

    > http://atlas.arbor.net/briefs/index#1027704494
    Panda Antivirus EXE File Parsing Buffer Overflow Vulnerability
    Severity: High Severity
    Published: July 23, 2007
    Panda AV is vulnerable to a buffer overflow when processing Windows EXE files. The error comes in an integer cast when parsing EXE header data. A malicious attacker could send the victim a malformed EXE file to be processed by Panda AV. This would then allow the attacker to run arbitrary code on the victim's computer. Updates have been made available.
    Analysis: This is a similar issue to the Eset NOD32 file processing issue and nearly a dozen such vulnerabilities recently. We believe that this trend will continue for some time.
    Source: http://secunia.com/advisories/26171/

    NOD32 Antivirus Multiple File Processing Vulnerabilities
    Severity: High Severity
    Published: July 23, 2007
    Eset NOD32 antivirus is vulnerable to file processing vulnerabilities that could be abused by a remote attacker to compromise a system. The AV software has problems processing CAB, ASPack, and FSG packed files. Malformed files could be sent to a victim to be processed by NOD32 and then run arbitrary code on the server. Eset has issued updated software to address this issue.
    Analysis: This is another AV vulnerability in handling files. We do not expect it to be the last one, in this package or any other AV package.
    Source: http://secunia.com/advisories/26124/


  4. #4
    Adviser Team AplusWebMaster's Avatar

    FYI...

    CA AV and other multiple products vuln - updates available
    - http://secunia.com/advisories/26155/
    Release Date: 2007-07-25
    Critical: Moderately critical
    Impact: DoS
    Where: From remote
    Solution Status: Vendor Patch ...
    Description: Two vulnerabilities have been reported in various CA products, which can be exploited by malicious people to cause a DoS...

    (See the advisory for the long list of affected products.)

    Also see: http://secunia.com/advisories/26190/
    Release Date: 2007-07-25
    Critical: Moderately critical
    Impact: System access
    Where: From local network
    Solution Status: Vendor Patch
    ...The vulnerability affects all versions of the CA Message Queuing software prior to v1.11 Build 54_4 on Windows and Netware..."


  5. #5
    Adviser Team AplusWebMaster's Avatar

    FYI...

    ClamAV multiple vulns - update available
    - http://secunia.com/advisories/26530/
    Release Date: 2007-08-22
    Critical: Moderately critical
    Impact: DoS
    Where: From remote
    Solution Status: Vendor Patch
    Software: Clam AntiVirus (clamav) 0.x...
    Solution:
    Update to version 0.91.2.
    - http://sourceforge.net/project/showf...ease_id=533658
    2007-08-21


    Trend Micro ServerProtect multiple vulns - update available
    - http://secunia.com/advisories/26523/
    Release Date: 2007-08-22
    Critical: Moderately critical
    Impact: System access
    Where: From local network
    Solution Status: Vendor Patch
    Software: Trend Micro ServerProtect for Windows/NetWare 5.x...
    Solution: Apply Security Patch 4 - Build 1185.
    http://www.trendmicro.com/ftp/produc...ritypatch4.exe
    Original Advisory: Trend Micro:
    http://www.trendmicro.com/ftp/docume...ch4_readme.txt

    Also see: http://secunia.com/advisories/26557/
    Software: Trend Micro Anti-Spyware 3.x, Trend Micro PC-cillin Internet Security 2007


  6. #6
    Adviser Team AplusWebMaster's Avatar

    FYI...

    Sophos AV vuln - update available
    - http://secunia.com/advisories/26580/
    Release Date: 2007-08-24
    Critical: Moderately critical
    Impact: DoS
    Where: From remote
    Solution Status: Vendor Patch
    Software: Sophos Anti-Virus...
    The vulnerabilities are reported in Sophos Anti-Virus with engine versions prior to 2.48.0.
    Solution: Update to engine version 2.48.0 or later...
    Original Advisory: http://www.sophos.com/support/knowle...cle/28407.html
    http://www.sophos.com/support/knowle...cle/14244.html ...


  7. #7
    Adviser Team AplusWebMaster's Avatar

    FYI...

    Sophos AV vuln - updates available
    - http://secunia.com/advisories/26714/
    Release Date: 2007-09-07
    Critical: Moderately critical
    Impact: Cross Site Scripting
    Where: From remote
    Solution Status: Vendor Patch
    Software: Sophos Anti-Virus 7.x, Sophos Anti-Virus for Windows 6.x
    ...The vulnerability is reported in versions 6.x and 7.0.0.
    Solution: Update to versions 6.5.8 or later, or 7.0.1 or later. The vendor also recommends users of version 6.x to upgrade to version 7.
    Original Advisory:
    http://www.sophos.com/support/knowle...cle/29150.html

