Info

Disclosure

Oct 06, 2005

Discovery

Sep 19, 2005

Dates

Exploit

Unknown

Solution

Unknown

Description

A remote overflow exists in multiple HAURI anti-virus products. The issue is due to a boundary error in the archive decompression library when reading the filename of a compressed file from an ALZ archive resulting in a stack-based buffer overflow. With a specially crafted request, a remote attacker can execute arbitrary code resulting in a loss of integrity. This requires that compressed file scanning is enabled.

Classification

Location: Remote/Network Access Required
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Available
Disclosure: OSVDB Verified

Solution

Upgrade to vrAZMain.dll version 5.9.22.154 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

HAURI Inc.	ViRobot Expert	4.0
	ViRobot Advanced	Unknown or Unspecified
	LiveCall	Unknown or Unspecified

References

Security Tracker: 1015018 1015019
Bugtraq ID: 15045
Secunia Advisory ID: 16852
CVE ID: 2005-4786 (see also: NVD)
ISS X-Force ID: 22535
FrSIRT Advisory: ADV-2005-1978
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0150.html
Other Advisory URL: http://secunia.com/secunia_research/2005-47/advisory/

Credit

Tan Chew Keong - vulnsecunia.com - Secunia Research

Direct URL: http://osvdb.org/36218

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

HAURI Inc.

ViRobot Expert

ViRobot Advanced

LiveCall

References

Credit