Overflows hit NOD32

Vulnerabilities disclosed after patching.

Two stack-overflow vulnerabilities have been disclosed in Eset's flagship NOD32 AntiVirus product, which could have been exploited to escalate privileges, or even execute code remotely and thus access a vulnerable system.

Advertise on www.virusbtn.com

The overflow issues, which involve specially formatted pathnames which are not properly processed by the product when dealing with malware, were discovered by researcher Ismael Briones, and after initial reports to Eset are now being made public after successful patching in a very rapid turnaround.

The flaws are described as 'hard to exploit', and are thought unlikely to have been taken advantage of in the wild. Fixes for the product, released two weeks ago, should have been applied automatically during normal updates, but users are advised to ensure they are running the latest version of the product at all times.

Details of the flaws released by the researcher, without actual exploit code, are here, and a Secunia alert is here.

23 May 2007

Tags:    del.icio.us  digg this! digg this

Poll

Do you use the same password(s) across multiple websites?
I use the same password for all sites
I have a number of passwords but use the same for some sites
I use a different password for each site
I don't sign up to any sites that require a password

Leave a comment
View 4 comments
Jobs Recruit Sidebar

Virus Bulletin

In this month's magazine:
  • Social networking meets social engineering
  • Flying solo
  • Geneva convention
  • 7th German Anti Spam Summit 2009
  • Anti-phishing landing page: turning a 404 into a teachable moment
  • An update on spamming botnets: are we losing the war?
  • Windows Server 2008 Standard Edition SP2 x86
Virus Bulletin 10 2009
Subscribe now!
Virus Bulletin currently has 190,938 registered users.