---------------------------------------------------------------------- Looking for a job? Secunia is hiring skilled researchers and talented developers. http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: ESET Smart Security / NOD32 Antivirus LZH Processing Denial of Service SECUNIA ADVISORY ID: SA39736 VERIFY ADVISORY: http://secunia.com/advisories/39736/ DESCRIPTION: Oleksiuk Dmitry has discovered a vulnerability in ESET Smart Security and ESET NOD32 Antivirus, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error when processing LZH archives. This can be exploited to hang an affected system when a specially crafted LZH archive is scanned. The vulnerability is confirmed in ESET Smart Security version 4.2.40.0 and ESET NOD32 Antivirus version 4.2.42.0. Other versions may also be affected. SOLUTION: Do not scan LZH archives using the application. Restrict local access to trusted users only. PROVIDED AND/OR DISCOVERED BY: Oleksiuk Dmitry ORIGINAL ADVISORY: http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0104.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------