NOD32 Anti-Virus ARJ Archive Filename Overflow

2005-09-08T07:24:14
ID OSVDB:19223
Type osvdb
Reporter Tan Chew Keong(vuln@secunia.com)
Modified 2005-09-08T07:24:14

Description

Vulnerability Description

A remote overflow exists in NOD32. The application fails to perform proper bounds checking resulting in a buffer overflow. With a specially crafted ARJ archive that contains a compressed file with an overly long filename, a remote attacker can cause arbitrary code execution resulting in a loss of integrity.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, Eset Software has released a patch to address this vulnerability.

Short Description

A remote overflow exists in NOD32. The application fails to perform proper bounds checking resulting in a buffer overflow. With a specially crafted ARJ archive that contains a compressed file with an overly long filename, a remote attacker can cause arbitrary code execution resulting in a loss of integrity.

References:

Vendor URL: http://www.nod32.com/home/home.htm Security Tracker: 1014871 Secunia Advisory ID:16604 Other Advisory URL: http://secunia.com/secunia_research/2005-40/advisory/ Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-09/0149.html ISS X-Force ID: 22203 CVE-2005-2903 Bugtraq ID: 14773