ZoneAlarm Vet Anti-Virus Engine Remote Overflow

2005-05-23T08:59:34
ID OSVDB:16800
Type osvdb
Reporter OSVDB
Modified 2005-05-23T08:59:34

Description

Vulnerability Description

A remote overflow exists in the ZoneAlarm Vet Antivirus engine. ZoneAlarm fails to validate the project name length in VBA directories, resulting in a integer overflow. With a specially crafted request, an attacker can cause a heap-based buffer overflow and gain elevated privileges, resulting in a loss of integrity.

Solution Description

Upgrade to version 11.9.1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

A remote overflow exists in the ZoneAlarm Vet Antivirus engine. ZoneAlarm fails to validate the project name length in VBA directories, resulting in a integer overflow. With a specially crafted request, an attacker can cause a heap-based buffer overflow and gain elevated privileges, resulting in a loss of integrity.

References:

Vendor URL: https://www.zonelabs.com/ Secunia Advisory ID:15479 Other Advisory URL: http://www.rem0te.com/public/images/vet.pdf Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-05/0574.html CVE-2005-1693