SecuriTeam - Panda Antivirus ZOO Library Heap Overflow

Security News - Security Reviews - Exploits - Tools - UNIX Focus - Windows Focus

Ask the Team
Mailing Lists
Advertising Info
Advisories
About SecuriTeam
Blogs

Brought to you by:

Suppliers of:

SecuriTeam in Your Inbox

New vulnerability?
New tool?
Tell us
(Our PGP key).

CanSecWest 2012

2nd Annual Cyber Security

Hack In Paris

The Panda Antivirus library "provides file format support for virus analysis". During decompression of ZOO files Panda is vulnerable to a heap overflow allowing attackers complete control of the system(s) being protected.

This vulnerability can be exploited remotely without user interaction in default configurations through common protocols such as SMTP.

Credit:
The original article can be found at: http://www.rem0te.com/public/images/panda.pdf

Website Security Scan	Code Vulnerability Test	Network Assessment Tool
Detect hidden vulnerabilities	Exhaustive automated testing	Real-time, continuous security
Get guidance from professionals	of internal or 3rd party code.	scanning for your entire network

Protect your website!
Use an External Vulnerability Scanner!
Nothing to install. First report in 1 hour!
www.beyondsecurity.com/vulnerability-scanner

Due to the library s modular design and core functionality; it is likely this vulnerability affects a substantial portion of Panda s gateway, server, and client Antivirus-enabled product lines on most platforms.

Successful exploitation of Panda protected systems allows attackers unauthorized control of data and related privileges. It also provides leverage for further network compromise. Panda implementations are likely vulnerable in their default configuration.

The vulnerable code is responsible for Lempel-Ziv decompression of ZOO archive formats. Specifically, the vulnerability is the result of a loop constraint bounded by user input. An attacker may craft a section of codes to overwrite heap memory with arbitrary data. This technique can then be used to obtain complete control of the process importing the vulnerable code.

blog comments powered by Disqus

	HP Data Protector LogBackupLocationStatus SQL Injection Vulnerabilty
	InduSoft WebStudio Unauthenticated Operations Code Execution Vulnerabilityy
	InduSoft WebStudio CEServer Operation 0x15 Code Execution Vulnerability
	HP Data Protector Notebook Extension RequestCopy SQL Injection Vulnerabilty
	HP Data Protector Notebook Extension LogClientInstallation SQL Injection Vulnerabilty
	HP Data Protector Notebook Extension GetPolicies SQL Injection Vulnerabilty
	GE Proficy Historian ihDataArchiver.exe Trusted Header Size Code Execution Vulnerability
	HP Data Protector Notebook Extension LogClientHealth SQL Injection Vulnerabilty
	HP Data Protector Notebook Extension LogCopyOperation SQL Injection Vulnerabilty
	HP Data Protector Notebook Extension FinishedCopy SQL Injection Vulnerabilty
	Novell ZENWorks Software Packaging ISGrid.Grid2.1 Text Parameter Code Execution Vulnerabilit
	Adobe Reader BMP Image RLE Decoding Code Execution Vulnerability
	Apple QuickTime H264 Matrix Conversion Code Execution Vulnerability
	Apple QuickTime FLC Delta Decompression Code Execution Vulnerability
	Apple Quicktime PnPixPat PatType 3 Parsing Code Execution Vulnerability