[Full-disclosure] Zone Labs ZoneAlarm Vet anti-virus engine OLE processing vulnerability

From: Zone Labs Product Security (Product-Security_at_zonelabs.com)
Date: 05/25/05

    Date: Wed, 25 May 2005 08:43:52 -0700
    To: <bugtraq@securityfocus.com>, <full-disclosure@lists.grok.org.uk>
    
    

     
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    Zone Labs Security Alert
    Zone Labs Anti-virus Engine OLE Processing Issue

    Date Published May 24, 2005
    Date Last Revised May 24, 2005

    Severity High

    Overview
    ========

    A security vulnerability existed in the anti-virus engine of specific
    versions of ZoneAlarm Anti-Virus and ZoneAlarm Security Suite.
    (ZoneAlarm and ZoneAlarm Pro are not affected.)

    The vulnerability was caused by an integer overflow in the Vet
    anti-virus engine (VetE.dll) when analyzing OLE streams. This can be
    exploited to cause a heap-based buffer overflow via a specially
    crafted Microsoft Office document.

    Zone Labs has released an updated anti-virus engine for affected
    products which is automatically applied during the next anti-virus
    update, which typically occurs daily. Customers may also manually
    update their anti-virus service for immediate protection.

    Zone Labs remains committed to providing our customers with advanced
    Internet security technologies for PC protection.

    Impact
    ======

    If successfully exploited, a skilled attacker could cause the
    firewall to stop processing traffic, execute arbitrary code, or
    elevate malicious code's privileges.

    Zone Labs recommends affected users update their anti-virus engine
    and definitions to the current versions which address the issue.
     
    Affected Products
        * ZoneAlarm Anti-virus and ZoneAlarm Security Suite

    Unaffected Products
        * ZoneAlarm and ZoneAlarm Pro
        * Check Point Integrity clients and Integrity Server
        * Integrity Clientless Security products

    Description
    ===========

    ZoneAlarm Anti-Virus and ZoneAlarm Security Suite use the Vet engine
    from Computer Associates for anti-virus detection. Due to an
    integer wrap issue in the code associated with OLE processing, a
    heap overflow may occur which could potentially allow a skilled
    attacker to cause the firewall to stop processing traffic or execute
    arbitrary code.

    Recommended Actions
    ===================

    ZoneAlarm Anti-virus and ZoneAlarm Security Suite users should
    upgrade the anti-virus engine to version 11.9.1 or later.

    To update your ZoneAlarm Anti-virus or Security Suite product:

        1. Select Antivirus

        2. In the Status area, choose the Update Now option

        3. Select Overview | Product Info and verify that the Antivirus
           Vet engine version is 11.9.1 or higher

    Related Resources
    =================

    Zone Labs Security Services: http://www.zonelabs.com/security

    Acknowledgments
    ===============

    Zone Labs would like to thank Alex Wheeler for reporting this issue
    to Zone Labs.

    Contact
    =======

    Zone Labs customers who are concerned about this vulnerability or
    have additional technical questions may reach our Technical Support
    group at: http://www.zonelabs.com/support/

    To report security issues with Zone Labs products contact:
    security@zonelabs.com. Note that any other matters sent to this
    email address will not receive a response.

    Disclaimer:
    The information in the advisory is believed to be accurate at the
    time of publishing based on currently available information. Use
    of the information constitutes acceptance for use in an AS IS
    condition. There are no warranties with regard to this information.
    Neither the author nor the publisher accepts any liability for any
    direct, indirect, or consequential loss or damage arising from use
    of, or reliance on, this information. Zone Labs and Zone Labs
    products, are registered trademarks of Zone Labs LLC and/or
    affiliated companies in the United States and other countries.
    All other registered and unregistered trademarks represented in
    this document are the sole property of their respective
    companies/owners.

    Copyright:
    (c)2005 Zone Labs LLC All rights reserved. Zone Labs, TrueVector,
    ZoneAlarm, and Cooperative Enforcement are registered trademarks
    of Zone Labs LLC. The Zone Labs logo, Check Point Integrity and
    IMsecure are trademarks of Zone Labs, Inc. Check Point Integrity
    protected under U.S. Patent No. 5,987,611. Reg. U.S. Pat. & TM Off.
    Cooperative Enforcement is a service mark of Zone Labs LLC All other
    trademarks are the property of their respective owners.

    Any reproduction of this alert other than as an unmodified copy of
    this file requires authorization from Zone Labs. Permission to
    electronically redistribute this alert in its unmodified form is
    granted. All other rights, including the use of other media, are
    reserved by Zone Labs LLC.

    -----BEGIN PGP SIGNATURE-----
    Version: PGP 8.1

    iQA/AwUBQpSdxVDxXw2Is3mLEQIvJwCcC5EsnbBQ+QWVaUZBdXh0o1zBMkkAoIxg
    2nXt1uCFFTGXjZlahfemO6PI
    =0Ubb
    -----END PGP SIGNATURE-----
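
The advisory gives no detail of the flaw inside VetE.dll, so the following is an added example of the general bug class it names (an integer wrap in a size calculation that leads to an undersized heap buffer), shown beside a hardened form. It is not code from Zone Labs or Computer Associates. The `stream_desc` structure, its field names and the contiguous stream layout are hypothetical, and the sample values are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stream descriptor; field names are illustrative only. */
struct stream_desc {
    uint32_t first_offset;  /* byte offset of the stream data in the file */
    uint32_t sector_count;  /* untrusted: taken from the document */
    uint32_t sector_size;   /* untrusted: e.g. 512 */
};

/* Unsafe pattern: the 32-bit product wraps modulo 2^32. */
static uint32_t alloc_size_unchecked(const struct stream_desc *d)
{
    return d->sector_count * d->sector_size;
}

/* Hardened: widen before multiplying, then bound by the real file length. */
static int alloc_size_checked(const struct stream_desc *d, size_t file_len,
                              size_t *out)
{
    uint64_t total = (uint64_t)d->sector_count * d->sector_size;
    if (total == 0 || total > file_len)
        return -1;          /* a stream cannot exceed the file that holds it */
    *out = (size_t)total;
    return 0;
}

/* Copies the stream out of the file image, or returns NULL if fields lie. */
static unsigned char *read_stream(const unsigned char *file, size_t file_len,
                                  const struct stream_desc *d, size_t *out_len)
{
    size_t n;
    if (alloc_size_checked(d, file_len, &n) != 0) return NULL;
    if (d->first_offset > file_len - n) return NULL;  /* n <= file_len here */
    unsigned char *buf = malloc(n);
    if (buf == NULL) return NULL;
    memcpy(buf, file + d->first_offset, n);
    *out_len = n;
    return buf;
}

int main(void)
{
    static unsigned char file[4096];                   /* constructed sample */
    struct stream_desc bad = { 512, 0x00800001u, 512 };
    size_t n = 0;
    printf("unchecked size: %u\n", (unsigned)alloc_size_unchecked(&bad));
    printf("hardened read: %s\n",
           read_stream(file, sizeof file, &bad, &n) ? "accepted" : "rejected");
    return 0;
}
```

With the constructed descriptor, the unchecked product wraps to 512 bytes although the fields describe about 4 GiB, which is the mismatch that turns a later copy into a heap overflow; the hardened path rejects the descriptor before allocating.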
