Crafted EXE files can inject code in ClamAV
April 14, 2008 – 12:21 PMSecurity service provider Secunia has discovered a vulnerability in the ClamAV open source virus scanner. Attackers can foist code on the appliction using manipulated EXE files.
According a Secunia advisory, a boundary error in the cli_scanpe() function in libclamav/pe.c can cause a heap-based buffer overflow. Manipulated PE executables (Windows .exe files) compressed with the Upack runtime packer can provoke this buffer overflow to inject and execute code.
ClamAV’s developers apparently intend to release an updated version soon that will remedy the vulnerability in versions up to and including 0.92.1. Until then, administrators running ClamAV on their servers should check executable Windows files with a different virus scanner and install the ClamAV update as soon as it becomes available.
See also:
- ClamAV Upack Processing Buffer Overflow Vulnerability, Secunia security advisory
- Download the current version of ClamAV
Source: Heise Security
You must be logged in to post a comment.