McAfee VirusScan buffer overflow vulnerability

March 30, 2006

McAfee VirusScan anti-virus software is confirmed to be affected by a remote buffer overflow vulnerability. The vulnerability is caused by a boundary error in an old, vulnerable version of a third-party compression library (DUNZIP32.dll) that is used when handling packed signature files.

The InnerMedia DynaZip compression library in question is responsible for unpacking virus description files. The boundary error can be exploited to cause a buffer overflow via a specially crafted signature file. When a specially crafted signature package containing a file with an overly long filename (the name of a file, or of files, inside the package) is opened, the attacker may be able to execute arbitrary code on the user's system. Opening signature files is an automatic operation of the product's SecurityCenter.

Impact: If a remote attacker can persuade a user to access a specially crafted zip file, the attacker may be able to execute arbitrary code on that user's system, possibly with elevated privileges.
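The bug class described above comes down to trusting the filename length stored in an archive entry. The following is an added example, not code from DynaZip or McAfee: it shows the bounds checks an unpacker needs before copying an entry name out of a standard ZIP local file header. The function names, error codes and the 260-byte `NAME_CAP` are assumptions; the advisory does not state the size of the affected buffer.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define LFH_FIXED 30u   /* fixed part of a ZIP local file header */
#define NAME_CAP  260u  /* assumed size of the caller's name buffer */

enum { NAME_OK = 0, ERR_SHORT = -1, ERR_SIG = -2, ERR_NAME_TOO_LONG = -3 };

/* Read a little-endian 16-bit field. */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/* Copy the entry name out of a local file header, validating the
 * archive-supplied length field against both the input and the
 * destination before any byte is copied. */
int zip_entry_name(const uint8_t *buf, size_t len, char *out, size_t out_cap)
{
    static const uint8_t sig[4] = { 'P', 'K', 3, 4 };
    if (len < LFH_FIXED) return ERR_SHORT;
    if (memcmp(buf, sig, sizeof sig) != 0) return ERR_SIG;
    size_t name_len = rd16(buf + 26);                  /* file name length field */
    if (name_len > len - LFH_FIXED) return ERR_SHORT;  /* field exceeds the input */
    if (out_cap == 0 || name_len >= out_cap) return ERR_NAME_TOO_LONG;
    memcpy(out, buf + LFH_FIXED, name_len);
    out[name_len] = '\0';
    return NAME_OK;
}

/* Constructed sample: a header claiming a name of name_len bytes, with
 * only avail 'A' bytes actually present; returns the parser's verdict. */
int check_sample(uint16_t name_len, size_t avail)
{
    static uint8_t pkt[LFH_FIXED + 65535u];
    char name[NAME_CAP];
    memset(pkt, 0, LFH_FIXED);
    memcpy(pkt, "PK\x03\x04", 4);
    pkt[26] = (uint8_t)(name_len & 0xff);
    pkt[27] = (uint8_t)(name_len >> 8);
    memset(pkt + LFH_FIXED, 'A', avail);
    int rc = zip_entry_name(pkt, LFH_FIXED + avail, name, sizeof name);
    if (rc == NAME_OK && strlen(name) != name_len) return -100;
    return rc;
}
```

An unpacker that rejects the entry on `ERR_NAME_TOO_LONG` or `ERR_SHORT` instead of copying never writes past the name buffer, whatever length the package claims.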

Original Advisory
