HAURI ViRobot Buffer Overflow in Processing ALZ Archives Lets Remote Users Execute Arbitrary Code
|
|
SecurityTracker Alert ID: 1015019 |
|
SecurityTracker URL: http://securitytracker.com/id/1015019
|
|
CVE Reference:
CVE-2005-4786
(Links to External Site)
|
Updated: Jun 14 2008
|
Original Entry Date: Oct 7 2005
|
Impact:
Execution of arbitrary code via network
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): Expert 4.0
|
Description:
A vulnerability was reported in HAURI ViRobot in the processing of ALZ archives. A remote user can execute arbitrary code on the target system.
A remote user can create an ALZ archive with a compressed file with a specially crafted filename. When the archive is scanned, arbitrary code will be executed on the target system.
ViRobot Expert 4.0 and ViRobot Advanced Server are affected.
'vrAZMain.dll' version 5.8.22.137 is affected.
The vendor was notified on September 9, 2005.
Tan Chew Keong of Secunia Research reported this vulnerability.
|
Impact:
A remote user can cause arbitrary code to be executed on the target system.
|
Solution:
The vendor has issued a fix for ViRobot Expert 4.0 and ViRobot Advanced Server, available via the online update feature. The fixed version of 'vrAZMain.dll' is version 5.9.22.154.
|
Vendor URL: www.globalhauri.com/html/products/products.html (Links to External Site)
|
Cause:
Boundary error
|
Underlying OS:
Windows (Any)
|
|
Message History:
None.
|
Source Message Contents
|
Date: Fri, 7 Oct 2005 00:00:15 -0400
Subject: HAURI Anti-Virus ALZ Archive Handling Buffer Overflow
|
http://secunia.com/secunia_research/2005-47/advisory/
|
|
