n.runs AG http://www.nruns.com/ security(at)nruns.com n.runs-SA-2008.004 28-Jul-2008 ________________________________________________________________________ Vendor: Grisoft Inc., http://grisoft.com Product: AVG Anti-Virus Vulnerability: Divide by Zero - DoS (remote) Risk: HIGH ________________________________________________________________________ Vendor communication: 2008-07-10 n.runs contacted AVG 2008-07-10 AVG response 2008-07-10 n.runs sent PoC files to AVG 2008-07-10 AVG started to investigate the PoCs 2008-07-14 AVG confirms the vulnerability and expect to release a fix next week 2008-07-14 n.runs thanks AVG for the status report (waiting for the fix next week) 2008-07-25 AVG releases fixed version http://www.grisoft.com/ww.94247 2008-07-28 n.runs releases this advisory ________________________________________________________________________ Overview: Grisoft is focused on developing software solutions that provide protection from computer viruses. Grisoft's primary focus is to deliver the most comprehensive and proactive protection available on the market. Distributed globally through resellers and through the internet, the AVG Anti-Virus product line supports all major operating systems and platforms. More than 40 million users around the world use Grisoft AVG products to protect their computers and networks. Description: A remotely exploitable vulnerability has been found in the files parsing engine. In detail, the following flaw was determined: - A Denial of Service caused by a Divide by Zero while parsing UPX files. Impact: This problem can lead to remote denial of service if an attacker carefully crafts a file that exploits the aforementioned vulnerability. The vulnerability is present in AVG Antivirus software versions prior to the program update AVG 8.0.156. Solution: The vulnerability was reported on 10.Jul.2008 and AVG 8.0.156 has been issued on 25.Jul.2008 to solve this vulnerability. For detailed information about the fixes follow the link in References [1] section of this document. ________________________________________________________________________ Credit: Bugs found by Sergio 'shadown' Alvarez of n.runs AG. ________________________________________________________________________ References: http://www.grisoft.com/ww.94247 [1] This Advisory and Upcoming Advisories: http://www.nruns.com/security_advisory.php ________________________________________________________________________ Unaltered electronic reproduction of this advisory is permitted. For all other reproduction or publication, in printing or otherwise, contact security@nruns.com for permission. Use of the advisory constitutes acceptance for use in an "as is" condition. All warranties are excluded. In no event shall n.runs be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if n.runs has been advised of the possibility of such damages. Copyright 2008 n.runs AG. All rights reserved. Terms of use apply. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/