----------------------------------------------------------------------

Bist Du interessiert an einem neuen Job in IT-Sicherheit?


Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT-
Sicherheit:
http://secunia.com/secunia_vacancies/

----------------------------------------------------------------------

TITLE:
avast! Antivirus ACE File Handling Two Vulnerabilities

SECUNIA ADVISORY ID:
SA15776

VERIFY ADVISORY:
http://secunia.com/advisories/15776/

CRITICAL:
Highly critical

IMPACT:
Manipulation of data, System access

WHERE:
>From remote

SOFTWARE:
avast! Antivirus 4.x
http://secunia.com/product/5162/

DESCRIPTION:
Secunia Research has discovered two vulnerabilities in avast!, which
can be exploited by malicious people to compromise a vulnerable
system.

1) An input validation error during extraction of ACE archives for
scanning can be exploited to write files to arbitrary directories.
This can be exploited when scanning a malicious archive containing a
file that has the "/../" directory traversal sequence or an absolute
path in its filename.

2) A boundary error in the scanning of ACE archives can be exploited
to cause a stack-based buffer overflow when scanning a specially
crafted ACE archive containing a file with a filename of more than
290 bytes.

Successful exploitation allows execution of arbitrary code and
writing of files to arbitrary directories, but requires ACE archive
scanning to be enabled.

The vulnerabilities are related to:
SA14359

The vulnerabilities have been confirmed in avast! Home/Professional
Edition version 4.6.665 and Server Edition version 4.6.460. The
vendor has reported that avast! Managed Client is also affected.

SOLUTION:
Home/Professional Edition:
Update to version 4.6.691.

Server Edition:
Update to version 4.6.489.

Managed Client:
Update to version 4.6.394.

PROVIDED AND/OR DISCOVERED BY:
Tan Chew Keong, Secunia Research.

ORIGINAL ADVISORY:
Secunia Research:
http://secunia.com/secunia_research/2005-20/advisory/

OTHER REFERENCES:
SA14359:
http://secunia.com/advisories/14359/

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/


Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------