Avast! Managed Client SIS File Handling Remote Heap Overflow Vulnerability
BID:24155
Info
| Bugtraq ID: | 24155 |
| Class: | Boundary Condition Error |
| CVE: | CVE-2007-2846 |
| Remote: | Yes |
| Local: | No |
| Published: | May 25 2007 12:00AM |
| Updated: | Apr 16 2015 06:13PM |
| Credit: | Sergio Alvarez of n.runs AG is credited with the discovery of this vulnerability. |
| Vulnerable: | Avast! Antivirus Managed Client 4.7.652, Avast! Antivirus Managed Client 4.6.394 |
| Not Vulnerable: | Avast! Antivirus Managed Client 4.7.700 |
Discussion
Avast! Managed Client is prone to a heap-overflow vulnerability in its SIS-processing routines.
A successful attack can allow a remote attacker to corrupt process memory by triggering an overflow condition. The attacker may then be able to execute arbitrary code and fully compromise the computer.
Versions of Avast! Managed Client earlier than 4.7.700 are vulnerable to this issue.
This issue may be related to BID 24132: Avast! Managed Client CAB File Handling Remote Heap Overflow Vulnerability.
Exploit / POC
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Solution:
The vendor has released version 4.7.700 to address this issue. The fixed version is available via the automatic update mechanism.
References
References:
- avast! Managed Client Revision History (Avast!)
- n.runs-SA-2007.009 - Avast! Antivirus SIS parsing Arbitrary Code Execution Advi ([email protected])
- Avast! Antivirus SIS parsing Arbitrary Code Execution Advisory ([email protected])
- Vulnerability Note VU#125868 Avast! antivirus buffer overflow vulnerability (US-CERT)