[NEWS] Panda Antivirus ZOO Library Heap Overflow

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion

The SecuriTeam alerts list - Free, Accurate, Independent.

Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html

- - - - - - - - -



Panda Antivirus ZOO Library Heap Overflow
------------------------------------------------------------------------


SUMMARY

The <http://www.pandasoftware.com/> Panda Antivirus library "provides
file format support for virus analysis". During decompression of ZOO files
Panda is vulnerable to a heap overflow allowing attackers complete control
of the system(s) being protected.

This vulnerability can be exploited remotely without user interaction in
default configurations through common protocols such as SMTP.

DETAILS

Due to the library s modular design and core functionality; it is likely
this vulnerability affects a substantial portion of Panda s gateway,
server, and client Antivirus-enabled product lines on most platforms.

Successful exploitation of Panda protected systems allows attackers
unauthorized control of data and related privileges. It also provides
leverage for further network compromise. Panda implementations are likely
vulnerable in their default configuration.

The vulnerable code is responsible for Lempel-Ziv decompression of ZOO
archive formats. Specifically, the vulnerability is the result of a loop
constraint bounded by user input. An attacker may craft a section of codes
to overwrite heap memory with arbitrary data. This technique can then be
used to obtain complete control of the process importing the vulnerable
code.


ADDITIONAL INFORMATION

The original article can be found at:
<http://www.rem0te.com/public/images/panda.pdf>
http://www.rem0te.com/public/images/panda.pdf



========================================


This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@xxxxxxxxxxxxxx
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@xxxxxxxxxxxxxx


====================
====================

DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.

Relevant Pages