Overflows hit NOD32
Vulnerabilities disclosed after patching.
Two stack-overflow vulnerabilities have been disclosed in Eset's flagship NOD32 AntiVirus product, which could have been exploited to escalate privileges, or even execute code remotely and thus access a vulnerable system.

The overflow issues, which involve specially formatted pathnames which are not properly processed by the product when dealing with malware, were discovered by researcher Ismael Briones, and after initial reports to Eset are now being made public after successful patching in a very rapid turnaround.
The flaws are described as 'hard to exploit', and are thought unlikely to have been taken advantage of in the wild. Fixes for the product, released two weeks ago, should have been applied automatically during normal updates, but users are advised to ensure they are running the latest version of the product at all times.
Details of the flaws released by the researcher, without actual exploit code, are here, and a Secunia alert is here.
23 May 2007
Tags:
del.icio.us
digg this
ARF published as IETF standard
Abuse report format helps auto-handling of email complaints
02 September 2010
Microsoft releases new fix for DLL vulnerability
Earlier workaround believed to be too complex for most users.
01 September 2010
Malicious tweets link to fake TweetDeck update
Twitter resets passwords for accounts that appear to have been hacked.
01 September 2010
94% of Internet users befriend unknown 'good-looking woman'
Sensitiva data shared after two-hour chat. (1 comment)
31 August 2010
Investment boost for Quick Heal
Indian security firm gets hefty cash injection.
27 August 2010

Quick Links
![]() |
Poll
When do you install software updates?Leave a comment
View 12 comments

2 hours ago
6 hours ago
VB2010
VB2010 will take place 29 September - 1 October 2009 at the Westin Bayshore, Vancouver, BC, Canada.
Virus Bulletin currently has 208,224 registered users.



