NOD32 Antivirus Engine DOC and CHM Parsing Vulnerabilities
Secunia Advisory: SA23459 Release Date: 2006-12-21
Critical: Highly critical
Impact: DoS; System access
Where: From remote
Solution Status: Vendor Patch
NOD32 for Domino 2.x
NOD32 for DOS 1.x
NOD32 for FreeBSD 1.x
NOD32 for Linux 1.x
NOD32 for MS Exchange Server 0.x
NOD32 for NetBSD 1.x
NOD32 for Novell Netware Server 1.x
NOD32 for OpenBSD 1.x
NOD32 for Windows 95/98/ME 2.x
NOD32 for Windows NT/2000/XP/2003 2.x
Sergio Alvarez has reported some vulnerabilities in the NOD32 Antivirus engine, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system.
1) An integer-overflow within the parsing of DOC files can be exploited to cause a heap-based buffer overflow via a specially crafted DOC file.
Successful exploitation allows execution of arbitrary code.
2) A division-by-zero error within the parsing of CHM files can be exploited to cause a DoS via a specially crafted CHM file.
The vulnerabilities are reported in versions prior to 1.1743.
Solution: Update to the latest version.
Provided and/or discovered by: Sergio Alvares, n.runs AG.
Original Advisory: http://lists.grok.org.uk/pipermail/f...er/051379.html