-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Zone Labs Security Alert Zone Labs Anti-virus Engine OLE Processing Issue Date Published May 24, 2005 Date Last Revised May 24, 2005 Severity High Overview ======== A security vulnerability existed in the anti-virus engine of specific versions of ZoneAlarm Anti-Virus and ZoneAlarm Security Suite (ZoneAlarm and ZoneAlarm Pro are not affected.) The vulnerability was caused due to an integer overflow in the Vet anti-virus engine (VetE.dll) when analyzing OLE streams. This can be exploited to cause a heap-based buffer overflow via a specially crafted Microsoft Office document. Zone Labs has released an updated anti-virus engine for affected products which is automatically applied during the next anti-virus update, which typically occurs daily. Customers may also manually update their anti-virus service for immediate protection. Zone Labs remains committed to providing our customers with advanced Internet security technologies for PC protection. Impact ====== If successfully exploited, a skilled attacker could cause the firewall to stop processing traffic, execute arbitrary code, or elevate malicious code's privileges. Zone Labs recommends affected users update their anti-virus engine and definitions to the current versions which address the issue. Affected Products * ZoneAlarm Anti-virus and ZoneAlarm Security Suite Unaffected Products * ZoneAlarm and ZoneAlarm Pro * Check Point Integrity clients and Integrity Server * Integrity Clientless Security products Description =========== ZoneAlarm Anti-Virus and ZoneAlarm Security Suite use the Vet engine from Computer Associates for anti-virus detection. Due to an integer wrap issue in the code associated with OLE processing, a heap overflow may occur which could potentially allow a skilled attacker to cause the firewall to stop processing traffic or execute arbitrary code. Recommended Actions =================== ZoneAlarm Anti-virus and ZoneAlarm Security Suite users should upgrade the anti-virus engine to version 11.9.1 or later. To update your ZoneAlarm Anti-virus or Security Suite product: 1. Select Antivirus 2. In the Status area, choose the Update Now option 3. Select Overview | Product Info and verify that the Antivirus Vet engine version is 11.9.1 or higher Related Resources ================= Zone Labs Security Services: http://www.zonelabs.com/security Acknowledgments =============== Zone Labs would like to thank Alex Wheeler for reporting this issue to Zone Labs. Contact ======= Zone Labs customers who are concerned about this vulnerabilities or have additional technical questions may reach our Technical Support group at: http://www.zonelabs.com/support/ To report security issues with Zone Labs products contact: security@zonelabs.com. Note that any other matters sent to this email address will not receive a response. Disclaimer: The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information. Zone Labs and Zone Labs products, are registered trademarks of Zone Labs LLC and/or affiliated companies in the United States and other countries. All other registered and unregistered trademarks represented in this document are the sole property of their respective companies/owners. Copyright: (c)2005 Zone Labs LLC All rights reserved. Zone Labs, TrueVector, ZoneAlarm, and Cooperative Enforcement are registered trademarks of Zone Labs LLC. The Zone Labs logo, Check Point Integrity and IMsecure are trademarks of Zone Labs, Inc. Check Point Integrity protected under U.S. Patent No. 5,987,611. Reg. U.S. Pat. & TM Off. Cooperative Enforcement is a service mark of Zone Labs LLC All other trademarks are the property of their respective owners. Any reproduction of this alert other than as an unmodified copy of this file requires authorization from Zone Labs. Permission to electronically redistribute this alert in its unmodified form is granted. All other rights, including the use of other media, are reserved by Zone Labs LLC. -----BEGIN PGP SIGNATURE----- Version: PGP 8.1 iQA/AwUBQpSdxVDxXw2Is3mLEQIvJwCcC5EsnbBQ+QWVaUZBdXh0o1zBMkkAoIxg 2nXt1uCFFTGXjZlahfemO6PI =0Ubb -----END PGP SIGNATURE-----