---------------------------------------------------------------------- Bist Du interessiert an einem neuen Job in IT-Sicherheit? Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT- Sicherheit: http://secunia.com/secunia_vacancies/ ---------------------------------------------------------------------- TITLE: AVIRA Antivirus ACE Archive Handling Buffer Overflow SECUNIA ADVISORY ID: SA16691 VERIFY ADVISORY: http://secunia.com/advisories/16691/ CRITICAL: Highly critical IMPACT: System access WHERE: >From remote SOFTWARE: AVIRA Desktop for Windows 1.x http://secunia.com/product/5694/ DESCRIPTION: Secunia Research has discovered a vulnerability in AVIRA Desktop for Windows antivirus, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error when reading the filename of a compressed file from an ACE archive. This can be exploited to cause a stack-based buffer overflow when an ACE archive containing a compressed file with an overly long filename is scanned. Successful exploitation allows arbitrary code execution, but requires that archive scanning is enabled. The vulnerability has been confirmed in version 1.00.00.68 with AVPACK32.DLL version 6.31.0.3. The vulnerability is related to: SA14359 SOLUTION: Update to the latest version via online update. (AVPACK32.DLL version 6.31.1.7). PROVIDED AND/OR DISCOVERED BY: Tan Chew Keong, Secunia Research. ORIGINAL ADVISORY: AVIRA: http://www.avira.com/en/news/avira_desktop_for_windows_patched_against_vulnerability.html Secunia Research: http://secunia.com/secunia_research/2005-43/advisory/ OTHER REFERENCES: SA14359: http://secunia.com/advisories/14359/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------