Multiple AV vendor vulns - archived

[AplusWebMaster]

FYI...

Panda ActiveScan vulns - update available
- http://secunia.com/advisories/30841/
Release Date: 2008-07-07
Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch
Software: Panda ActiveScan 2.0 1.x
...Successful exploitation allows execution of arbitrary code. According to the vendor, the vulnerabilities affect versions prior to version 1.02.00.
Solution: Update to version 1.02.00 or later.
http://www.pandasecurity.com/activescan

- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3155
- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3156

[AplusWebMaster]

FYI...

ClamAV vuln - update available
- http://secunia.com/advisories/30657/
Last Update: 2008-07-28
Critical: Moderately critical
Impact: DoS
Where: From remote
Solution Status: Vendor Patch...
Solution: Update to version 0.93.3...
- http://sourceforge.net/project/shown...group_id=86638

- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2713
- http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3215

[AplusWebMaster]

FYI...

AVG DoS vuln - update available
- http://secunia.com/advisories/31290/
Release Date: 2008-07-29
Critical: Moderately critical
Impact: DoS
Where: From remote
Solution Status: Vendor Patch
Software: AVG Anti-Virus 8.x ...
...The vulnerability affects versions prior to 8.0.156.
Solution: Update to version 8.0.156 or later.
Original Advisory:
AVG: http://www.grisoft.com/ww.94247

n.runs AG: http://preview.tinyurl.com/6fcaye ...

- http://www.us-cert.gov/current/archi...eleases_update

Program update AVG Free 8.0 169: http://free.avg.com/ww.94096
August 25, 2008

[AplusWebMaster]

FYI...

Trend Micro Web Mgmt authentication bypass...
- http://secunia.com/advisories/31373/
Last Update: 2008-08-29
Critical: Moderately critical
Impact: Security Bypass, Brute force
Where: From local network
Solution Status: Partial Fix
Software: Trend Micro Client Server Messaging Security for SMB 3.x
Trend Micro OfficeScan Corporate Edition 7.x
Trend Micro OfficeScan Corporate Edition 8.x
Trend Micro Worry-Free Business Security 5.x ...
Solution: Apply patches...
(See the URL above for links to patches.)

- http://web.nvd.nist.gov/view/vuln/de...=CVE-2008-2433
Last revised: 09/05/2008

[AplusWebMaster]

FYI...

Trend Micro OfficeScan Server - updates available
- http://secunia.com/advisories/31342/
Release Date: 2008-09-12
Critical: Moderately critical
Impact: System access
Where: From local network
Solution Status: Partial Fix
...Successful exploitation allows execution of arbitrary code. The vulnerability is confirmed in version 7.3 with Patch 4 build 1362 applied and also affects OfficeScan version 7.0 and 8.0, and Client Server Messaging Security version 3.6, 3.5, 3.0, and 2.0.
Solution: Apply patches...

(Links to patches/updates available at the URL above.)

[AplusWebMaster]

FYI...

Trend Micro OfficeScan multiple vulns - update available
- http://secunia.com/advisories/32097/
Release Date: 2008-10-02
Critical: Moderately critical
Impact: Exposure of sensitive information, DoS, System access
Where: From remote
Solution Status: Vendor Patch
Software: Trend Micro OfficeScan Corporate Edition 8.x
...The vulnerabilities are reported in Trend Micro OfficeScan 8.0.
Solution: Apply patches.
Trend Micro OfficeScan 8.0 Service Pack 1:
http://www.trendmicro.com/ftp/produc...atch_B2439.exe
Trend Micro OfficeScan 8.0 Service Pack 1 Patch 1:
http://www.trendmicro.com/ftp/produc...Patch_3087.exe
Original Advisory: ...Trend Micro:
http://www.trendmicro.com/ftp/docume...439_Readme.txt
http://www.trendmicro.com/ftp/docume...087_Readme.txt

[AplusWebMaster]

FYI...

F-Secure vuln - update available
- http://secunia.com/advisories/32352/
Release Date: 2008-10-21
Critical: Highly critical
Impact: DoS, System access
Where: From remote
Solution Status: Vendor Patch
Solution: Apply patches (please see the vendor's advisory for details).
Original Advisory: FSC-2008-3:
http://www.f-secure.com/security/fsc-2008-3.shtml ...

[AplusWebMaster]

FYI...

McAfee update classifies Vista component as a Trojan
- http://www.theregister.co.uk/2008/10...n_false_alert/
21 October 2008 - "McAfee has fixed an update glitch that wrongly slapped a Trojan classification on components of Microsoft Vista. As a result of a misfiring update, published on Monday, the Windows Vista console IME executable was treated as a password-stealing Trojan. Depending on their setup, McAfee users applying would have typically found the component either quarantined or deleted. The antivirus firm fixed the glitch with a definition update on Tuesday that recognised the difference between the Vista component and malware, as explained in a write-up by McAfee here*. False positives with virus signature updates are a perennial problem for antivirus vendors, and the latest glitch is far from the first such occurrence to befall McAfee. Only two months ago in August McAfee wrongly categorised a plug-in for Microsoft Office Live Meeting as a Trojan."
* http://us.mcafee.com/virusInfo/defau...virus_k=100683

AVG flags ZoneAlarm as malware
- http://news.cnet.com/8301-1009_3-10067148-83.html
October 15, 2008 - "Grisoft, makers of AVG antivirus, on Wednesday released a new update addressing a false positive in another security product. On Tuesday, AVG users reported desktops warnings that their desktop was infected with something called Trojan Agent r.CX... The ZoneAlarm user forum soon filled with concerned users... Laura Yecies, vice president and general manager of Check Point's ZoneAlarm consumer division said, "as soon as Check Point learned that AVG's recent antivirus update was mistakenly flagging a ZoneAlarm file as a virus, we contacted AVG and they issued an update within hours that corrected the problem. AVG users will automatically get the update that corrects the issue." In July, Grisoft modified its free AVG 8 due to complaints about a proactive scanning of a Web site feature. The feature that had been enabled in the paid version of the product did not scale with the free release causing spikes in Web traffic."
- http://www.theregister.co.uk/2008/10...n_false_alarm/
16 October 2008 - "...The mis-firing AVG definition file tagged components of ZoneAlarm as infected with the Agent_r.CX Trojan horse and quarantined important files. As a result users running the popular antivirus package alongside security suite software from Check Point were left with a malfunctioning firewall, mystery infection reports and an inability to re-install their ZoneAlarm software..."

[AplusWebMaster]

FYI...

Trend Micro OfficeScan vuln - update available
- http://secunia.com/advisories/32005/
Release Date: 2008-10-22
Critical: Moderately critical
Impact: System access
Where: From local network
Solution Status: Vendor Patch
Software: Trend Micro OfficeScan Corporate Edition 7.x, Trend Micro OfficeScan Corporate Edition 8.x...
Solution: Apply patches.
Trend Micro OfficeScan 8.0 SP1 Patch 1:
http://www.trendmicro.com/ftp/produc...atch_B3110.exe
Trend Micro OfficeScan 7.3:
http://www.trendmicro.com/ftp/produc...atch_B1374.exe ...
Trend Micro:
http://www.trendmicro.com/ftp/docume...110_readme.txt
http://www.trendmicro.com/ftp/docume...374_readme.txt ...

- http://www.us-cert.gov/current/curre...critical_patch
October 22, 2008

[AplusWebMaster]

FYI...

ClamAV vuln - update available
- http://secunia.com/advisories/32663/
Release Date: 2008-11-10
Critical: Moderately critical
Impact: DoS, System access
Where: From remote
Solution Status: Vendor Patch...
Solution: Update to version 0.94.1.
> http://sourceforge.net/project/shown...group_id=86638
Download:
- http://www.clamav.net/download/sources
Changelog:
- http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog

Also see: ClamWin Free Antivirus 0.94.1 released
- http://www.clamwin.com/content/view/205/1/
Download:
- http://www.clamwin.com/content/view/18/46/
Version 0.94.1; 24.5MB

- http://web.nvd.nist.gov/view/vuln/de...=CVE-2008-5050