- 28 May 2008Advisories » McAfee VirusScan DUNZIP32.dll Remote Buffer Overflow Vulnerability
| Release Date: | 30/03/2006 | Severity: | Highly Critical  |
| SecWatch Advisory: | SWID1013551 | Cause: | Not specified |
| Solution Status: | Vendor Patch | Impact: | Not specified |
| Exploit Status: | None Available | Access Vector: | From remote |
| Affected Software: | McAfee SecurityCenter 6.x | ||
| Original Advisory: | http://www.networksecurity.fi/advisories/mcafee-virusscan.html |
||
| SecWatch: | SWID1008957 | ||
| CVE: | CVE-2004-1094 | ||
| Secunia: | SA19451 | ||
Description:
A vulnerability in McAfee VirusScan has been reported, which potentially can be exploited by remote users to compromise a user's system.
The vulnerability is caused due to a boundary error in a 3rd-party compression library (DUNZIP32.dll) when processing virus definition files. This can be exploited to cause a buffer overflow via a specially crafted definition file.
The vulnerability is related to:
SWID1008957
Successful exploitation requires that the user is e.g. tricked into updating the virus definition file from a malicious site.
Affected:
McAfee VirusScan version 10.0.21 included with McAfee SecurityCenter Agent version 6.0.0.16. Prior versions may also be affected.
Solution:
The vulnerability has been fixed, update to the fixed version of DUNZIP32.dll via online update.
Credits:
Originally discovered by eEye Digital Security and NGSSoftware.
Reported in McAfee VirusScan by:
Juha-Matti Laurio
Free Vulnerability Notification Service
Receive free instant and customisable notifications of new vulnerabilities or exploits via e-mail, web or RSS feeds. Click here for more information.
Related Vulnerabilities and Exploits
10 May 07: McAfee SecurityCenter Subscript.. (McAfeeSecurityCenter_ActiveX_BoF.c)
09 May 07: McAfee SecurityCenter Subscription Manager ActiveX Control Remote..