CERTA-2007-AVI-235
Vulnerability from certfr_avis
Description
Two vulnerabilities have been identified in the Avast! Antivirus security products. They reportedly do not correctly handle compressed files in CAB (Cabinet) or SIS (Symbian Installation System) format, which can cause a stack overflow. A malicious person could therefore craft specially designed documents; when these are scanned by the security tool, arbitrary commands could be executed on the vulnerable system.
Solution
Refer to the vendor's security bulletin to obtain the patches (see the Documentation section).
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "les versions d\u0027Avast! ant\u00e9rieures \u00e0 4.7.700.",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Description\n\nDeux vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans les produits de s\u00e9curit\u00e9\nAvast! Antivirus. Ils ne manipuleraient pas correctement des fichiers\ncompress\u00e9s de format CAB (pour Cabinet) ou SIS (Symbian Installation\nSystem), pouvant provoquer un d\u00e9bordement de la pile. Une personne\nmalveillante pourrait ainsi construire des documents sp\u00e9cialement con\u00e7us\n; lorsque ceux-ci seront analys\u00e9s par l\u0027outil de s\u00e9curit\u00e9, des commandes\narbitraires pourraient ainsi \u00eatre ex\u00e9cut\u00e9es sur le syst\u00e8me vuln\u00e9rable.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2007-2846",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-2846"
},
{
"name": "CVE-2007-2845",
"url": "https://www.cve.org/CVERecord?id=CVE-2007-2845"
}
],
"links": [
{
"title": "Avis de s\u00e9curit\u00e9 nruns SA-2007.008 du 23 mai 2007 :",
"url": "http://www.nruns.com/parsing-engines-advisories.php"
},
{
"title": "Archive de Neohapsis publi\u00e9 le 24 mai 2007 :",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2007-05/0448.html"
},
{
"title": "Site officiel d\u0027Avast! :",
"url": "http://www.avast.com"
}
],
"reference": "CERTA-2007-AVI-235",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2007-05-30T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": null,
"title": "Vuln\u00e9rabilit\u00e9s dans Avast! Antivirus",
"vendor_advisories": [
{
"published_at": null,
"title": "Annonces de vuln\u00e9rabilit\u00e9s nruns AG du 23 mai 2007",
"url": null
}
]
}