Overflows hit NOD32

Vulnerabilities disclosed after patching.

Two stack-overflow vulnerabilities have been disclosed in Eset's flagship NOD32 AntiVirus product, which could have been exploited to escalate privileges, or even execute code remotely and thus access a vulnerable system.

VB100

The overflow issues, which involve specially formatted pathnames which are not properly processed by the product when dealing with malware, were discovered by researcher Ismael Briones, and after initial reports to Eset are now being made public after successful patching in a very rapid turnaround.

The flaws are described as 'hard to exploit', and are thought unlikely to have been taken advantage of in the wild. Fixes for the product, released two weeks ago, should have been applied automatically during normal updates, but users are advised to ensure they are running the latest version of the product at all times.

Details of the flaws released by the researcher, without actual exploit code, are here, and a Secunia alert is here.

23 May 2007

Tags:    del.icio.us  digg this! digg this

Quick Links

Poll

When do you install software updates?
As soon as they are released
As soon as I have some time
I take my time, but I always install them eventually
Only when I feel it is absolutely necessary
Never
Leave a comment
View 12 comments
Jobs Career Sidebar
Twitter Feed

virusbtn: RT @emailsecmatters: The typical spam message has sources as diverse as the spam lunch meat: http://ht.ly/2yucd
2 hours ago

virusbtn: Can anyone write a rap about our RAP tests (http://bit.ly/255ySQ) and submit it to the Symantec competition http://bit.ly/bOJg8r
6 hours ago

VB2010

VB2010 VB2010 will take place 29 September - 1 October 2009 at the Westin Bayshore, Vancouver, BC, Canada.
Virus Bulletin currently has 208,224 registered users.