-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


=== LSE Leading Security Experts GmbH - Security Advisory 2013-06-13 ===

Avira AntiVir Engine -- Denial of Service / Filtering Evasion
- -------------------------------------------------------------

Affected Versions
=================
Avira AntiVir Engine < 8.2.12.58

Affected products using the AntiVir engine are:

Avira Server Security
Avira AntiVir MailGate
Avira AntiVir MailGate Suite
Avira Exchange Security
Avira AntiVir WebGate
Avira AntiVir WebGate Suite
Avira AntiVir SharePoint
Avira Professional Security
Avira AntiVir Personal
Avira Savapi

Problem Overview
================
Technical Risk: high
Likelihood of Exploitation: high
Vendor: Avira Operations GmbH & Co. KG
Credits: LSE Leading Security Experts GmbH employees Markus Vervier
and Eric Sesterhenn
Advisory URL: http://www.lsexperts.de/advisories/lse-2013-06-13.txt
Advisory Status: Public
CVE-Number: CVE-2013-4602

Problem Description
===================
While conducting a penetration test on a customer system LSE Leading
Security Experts GmbH discovered a Denial of Service vulnerability and
possible memory corruption in the Avira AntiVir Engine.
By scanning specially crafted PDF documents, a bug can be triggered
which causes an endless loop in the scanning engine.

Temporary Workaround and Fix
============================
LSE Leading Security Experts GmbH advises to install the latest
updates via the update functionality. The fix for this issue was
released by Avira Operations GmbH on 2013-06-11.

Problem Impact
==============
When scanning specially crafted PDF documents an endless loop is
caused in the Avira AntiVir scanning engine. This allows an attacker
to stall the antivirus engine and prevent malicious files from being
detected.
Additionally an attacker may be able to cause the antivirus engine to
consume all available resources on the system. In case of enterprise
setups like for example mailgateways an effective Denial of Service
attack can be launched on the whole system.
LSE Leading Security Experts GmbH will provide additional details
including a proof of concept on a later date to protect affected
customers.

History
=======
2013-06-05 Problem discovery during penetration testing
2013-06-06 Original vendor contacted
2013-06-06 Vulnerability confirmed by vendor
2013-06-11 Updated Engine Released
2013-06-13 CVE-2013-4602 assigned
2013-06-13 Coordinated Advisory Release
- -- 
http://www.lsexperts.de
LSE Leading Security Experts GmbH, Postfach 100121, 64201 Darmstadt
Tel.: +49 (0) 6151 86086-0, Fax: -299,
Unternehmenssitz: Weiterstadt, Amtsgericht Darmstadt: HRB8649
Geschäftsführer: Oliver Michel, Sven Walther, Dr. Peter Schill
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Icedove - http://www.enigmail.net/

iQIcBAEBAgAGBQJRucGlAAoJEDgSCSGZ4yd8czUQALx7SSxJHOL/yNXIruEE+ZO6
uSwsnMlfKZc9Pp4+D7aTvdeA8ZYIbHgDJ9V/lHBXu08d496PaBDcxClvyMqKn/DF
fnT4rylPfuCLvA9qfPLQtswUMzzM5GeC97+xb+7J0zTXIkDkH+7k6uodzEdmVhsn
qVt+qWaO1CEbjEKIkQ4kirbvScNRTF3BlJcJsvPtI4vmrssLyUTeVm5Gamx47LfE
S25i3zMkqIH9yJTJoJNKWwXlnzpRjVxpUyN/ZmcvwXgXzFmJ3Q3b6Bt4cVquw0O9
/EPZWQmd6z+qe3Z3QC0Q2UabNWW/lqvsyliguF0gwc/X+HXPVGQtJ+AIieg0HwB6
QLTeYHuJXl/ZYaKCqMFFSX/0ZHhUsOMUZWa9FQlfAmXOvvWe2gIz8Q7zIVJAUmqR
s9Zxj6NMtYw/PiQNxEmSVypudYS+lD05eYqldPZtTsByf7gVd/RRlJzhXVznxWxZ
eqBWys6wrhnVfWvArhOJQqWsCrrI7by0GXDavQ+Ar6wYa9ovvPQDDUp8kfdZNEoV
k6WOH8YYu6942uxZF39dFUbx7Gk+GU4lgzcmNtXx62sU9S63zG07gWl98zcpgR0N
IpMITxyyYa0QJ23Ig07D+QQpOjPQN4wnJSqVwnpED1dumTaUrYSgm8GTgSP7wm7n
6Gvy3ghRtVKuQja0qwrY
=BxkJ
-----END PGP SIGNATURE-----