Avast! Managed Client CAB File Handling Remote Heap Overflow Vulnerability

Bugtraq ID:	24132
Class:	Boundary Condition Error
CVE:	CVE-2007-2845
Remote:	Yes
Local:	No
Published:	May 24 2007 12:00AM
Updated:	May 07 2015 05:37PM
Credit:	Sergio Alvarez of n.runs AG is credited with the discovery of this vulnerability.
Vulnerable:	Avast Antivirus Managed Client 4.7.652 Avast Antivirus Managed Client 4.6.394
Not Vulnerable:	Avast Antivirus Managed Client 4.7.700

Avast! Managed Client CAB File Handling Remote Heap Overflow Vulnerability

Avast! Managed Client is prone to a heap-overflow vulnerability in its CAB-processing routines.

A successful attack can allow a remote attacker to corrupt process memory by triggering an overflow condition. The attacker may then be able to execute arbitrary code and fully compromise the computer.

Versions of Avast! Managed Client earlier than 4.7.700 are vulnerable to this issue.

Avast! Managed Client CAB File Handling Remote Heap Overflow Vulnerability

Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Avast! Managed Client CAB File Handling Remote Heap Overflow Vulnerability

Solution:
The vendor has released version 4.7.700 to address this issue. The fixed version is available via the automatic update mechanism.

Avast! Managed Client CAB File Handling Remote Heap Overflow Vulnerability

References:

• avast! Managed Client Revision History (Avast!)