TITLE:
McAfee Multiple Products LHA File Handling Buffer Overflow

SECUNIA ADVISORY ID:
SA14628

VERIFY ADVISORY:
http://secunia.com/advisories/14628/

CRITICAL:
Highly critical

IMPACT:
System access

WHERE:
From remote

OPERATING SYSTEM:
McAfee WebShield Appliances
http://secunia.com/product/278/

SOFTWARE:
McAfee Active Threat Protection
http://secunia.com/product/4795/
McAfee Active Virus Defense SMB Edition
http://secunia.com/product/4793/
McAfee Active VirusScan SMB Edition
http://secunia.com/product/4794/
McAfee GroupShield 6.x for Microsoft Exchange
http://secunia.com/product/3615/
McAfee GroupShield for Exchange 2000 5.x
http://secunia.com/product/225/
McAfee GroupShield for Exchange 5.5 v4.x
http://secunia.com/product/353/
McAfee GroupShield for Exchange 5.5 v5.x
http://secunia.com/product/224/
McAfee GroupShield for Lotus Domino on AIX 5.x
http://secunia.com/product/229/
McAfee GroupShield for Lotus Domino on Windows 5.x
http://secunia.com/product/230/
McAfee GroupShield for Mail Servers with ePO
http://secunia.com/product/4797/
McAfee LinuxShield 1.x
http://secunia.com/product/4798/
McAfee Managed VirusScan
http://secunia.com/product/4801/
McAfee Netshield for Netware 4.x
http://secunia.com/product/227/
McAfee PortalShield for Microsoft SharePoint
http://secunia.com/product/4799/
McAfee SecurityShield for Microsoft ISA Server
http://secunia.com/product/4800/
McAfee Virex
http://secunia.com/product/274/
McAfee VirusScan 4.x
http://secunia.com/product/275/
McAfee VirusScan 8.x/2004
http://secunia.com/product/4740/
McAfee VirusScan 9.x/2005
http://secunia.com/product/4792/
McAfee VirusScan Command Line
http://secunia.com/product/4802/
McAfee VirusScan Enterprise 8.x
http://secunia.com/product/3948/
McAfee VirusScan NetApp
http://secunia.com/product/4803/
McAfee VirusScan Professional 7.x
http://secunia.com/product/265/
McAfee WebShield SMTP 4.x
http://secunia.com/product/228/
McAfee Active Mail Protection
http://secunia.com/product/4796/

DESCRIPTION:
ISS X-Force has reported a vulnerability in multiple McAfee products,
which can be exploited by malicious people to compromise a vulnerable
system.

The vulnerability is caused due to a boundary error in the AV scanning
engine when processing LHA archives and can be exploited to cause a
buffer overflow via a specially crafted LHA file.

Successful exploitation allows execution of arbitrary code.

The vulnerability has been reported in version 4320 of the AV scanning
engine and affects the following products:
* Internet Security Suite
* VirusScan (all versions)
* VirusScan Professional
* Active Virus Defense SMB Edition
* Active VirusScan SMB Edition
* Active Threat Protection
* Active Mail Protection
* GroupShield for Exchange
* GroupShield for Exchange 5.5
* GroupShield for Lotus Domino
* GroupShield for Mail Servers with ePO
* LinuxShield
* NetShield for Netware
* PC Security Suite
* PortalShield for Microsoft SharePoint
* SecurityShield for Microsoft ISA Server
* Virex
* VirusScan ASaP
* Managed VirusScan
* VirusScan Command Line
* VirusScan for NetApp
* VirusScan Enterprise 8.0i
* Web Essentials
* WebShield Appliances
* WebShield SMTP

SOLUTION:
The vendor recommends applying the latest .DAT files and updating to
AV scanning engine version 4400.

PROVIDED AND/OR DISCOVERED BY:
Alex Wheeler, ISS X-Force.

ORIGINAL ADVISORY:
McAfee:
http://us.mcafee.com/root/support.asp?id=4320_faqs

ISS X-Force:
http://xforce.iss.net/xforce/alerts/id/190