TITLE: HAURI Anti-Virus ALZ Archive Handling Buffer Overflow SECUNIA ADVISORY ID: SA16852 VERIFY ADVISORY: http://secunia.com/advisories/16852/ CRITICAL: Highly critical IMPACT: System access WHERE: >From remote SOFTWARE: HAURI LiveCall http://secunia.com/product/5448/ ViRobot Advanced Server http://secunia.com/product/5556/ ViRobot Expert 4.x http://secunia.com/product/5557/ DESCRIPTION: Secunia Research has discovered a vulnerability in various HAURI anti-virus products, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error in the archive decompression library when reading the filename of a compressed file from an ALZ archive. This can be exploited to cause a stack-based buffer overflow when a malicious ALZ archive is scanned. Successful exploitation allows arbitrary code execution, but requires that compressed file scanning is enabled. The vulnerability has been confirmed in vrAZMain.dll version 5.8.22.137 used by the following products: * ViRobot Expert 4.0 * ViRobot Advanced Server * HAURI LiveCall Prior versions may also be affected. SOLUTION: Apply updates. ViRobot Expert 4.0 / ViRobot Advanced Server: Update to the latest version via online update. (vrAZMain.dll version 5.9.22.154) HAURI LiveCall: Update to the latest version by visiting the vendor's LiveCall website. (vrAZMain.dll version 5.9.22.154) PROVIDED AND/OR DISCOVERED BY: Tan Chew Keong, Secunia Research. ORIGINAL ADVISORY: Secunia Research: http://secunia.com/secunia_research/2005-47/advisory/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------