FYI - List of AV Vulns that were listed in the SANS Vulnerability Alert that affect most of us one way or another.
Also, there was a McAfee vulnerability, but it was for their Linux-based version.

06.50.31 CVE: CVE-2006-5874
Platform: Cross Platform
Title: Clam Anti-Virus MIME Attachments Denial of Service
Description: Clam Anti-Virus (ClamAV) is an anti-virus application for Windows and UNIX-like operating systems. It is exposed to a denial of service issue because it fails to handle certain file types. Specifically, the vulnerability exists when the application processes base64-encoded MIME attachments. This results in a NULL pointer dereference, crashing the affected application. ClamAV versions prior to 0.88.4-2 are affected.
Ref: http://www.securityfocus.com/archive/1/453968

MODERATE: BitDefender PE File Parsing Engine Integer Overflow
Affected:
BitDefender Antivirus and Antivirus Plus
BitDefender for ISA Server and MS Exchange
BitDefender Internet Security
BitDefender Mail Protection for Enterprises
BitDefender Online Scanner
Description: Multiple BitDefender products are vulnerable to an integer overflow in parsing packed PE (Portable Executable) files. Portable Executable files are the standard executable format on Microsoft Windows systems. Failure to properly handle certain malformed packed PE files can lead to an integer overflow and arbitrary code execution with the privileges of the scanning process.
Status: BitDefender confirmed, updates available. According to BitDefender's website, the update was distributed immediately via BitDefender's automatic update system, and no user interaction is required to install the update.
References: BitDefender Security Advisory
http://www.bitdefender.com/KB323-en--cevakrnl.xmd-vulnerability.html

(11) Symantec Antivirus Big Yellow/Sagevo Worm
Description: eEye researchers have discovered a new worm that is exploiting a buffer overflow vulnerability in the Symantec Antivirus and Client Security software. The overflow being exploited by the Big Yellow/Sagevo worm was patched by Symantec in May 2006. Enterprises using Symantec AV or Client Security software should apply the patch immediately if they have not done so already. In addition, blocking access to port 2967/tcp at the network perimeter will prevent any attacks originating from the Internet.
References: eEye's Analysis of Worm Binary
http://research.eeye.com/html/alerts/AL20061215.html
Symantec's Worm Analysis
http://www.symantec.com/enterprise/security_response/writeup.jsp?docid=2006-121309-3331-99&tabid=2

06.50.14 CVE: CVE-2006-5645
Platform: Third Party Windows Apps
Title: Multiple Trend Micro Antivirus RAR Archive Remote Denial of Service
Description: Trend Micro provides antivirus and software security applications. These applications are exposed to remote denial of service issues because they fail to properly handle certain file types, resulting in excessive consumption of system resources. Trend Micro ServerProtect version 5.58, Trend Micro PC-cillin Internet Security 2006 and Trend Micro OfficeScan version 7.3 are affected.
Ref: http://www.trendmicro.com/en/home/us/home.htm

CRITICAL: Sophos Anti-Virus Multiple Vulnerabilities
Affected: Sophos products with a scanning engine version prior to 2.40
Description: Sophos Anti-Virus contains multiple buffer overflows in parsing CPIO and SIT archives. CPIO is a common archive format used primarily on Unix and Unix-like systems, and SIT is a common archive format used primarily on Apple Macintosh systems. A specially-crafted CPIO or SIT archive scanned by Sophos could exploit these buffer overflows and execute arbitrary code with the privileges of the scanning process. Some technical details for these vulnerabilities are publicly available.
Status: Sophos confirmed, updates available.
References: Sophos Knowledge Base Article
http://www.sophos.com/support/knowledgebase/article/17340.html

------------------------------------------------------------------------
Check out http://www.invariantsystems.com for utilities for Declude and IMail.
IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG Integration, and Log Parsers.
---
This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com.
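The BitDefender item above is an integer overflow in a PE parser, and the Sophos item is a buffer overflow in archive parsers; both are the same class of bug, a length or offset taken from attacker-controlled file headers and trusted by the scanning engine. The following C program is an added illustration of that class, not BitDefender's, Sophos's or any real scanner's code, and not the actual bug in either product. It uses a hypothetical eight-byte "packed section" header (a 32-bit offset followed by a 32-bit size) and shows a bounds check that wraps in 32-bit arithmetic beside a hardened version, run over two constructed sample files.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical minimal "packed section" header: where the packed data lives
 * inside the scanned file. Illustrative only; not any real unpacker's layout. */
struct section_hdr {
    uint32_t offset;
    uint32_t size;
};

/* Vulnerable pattern: offset + size is computed in 32 bits. A crafted header
 * with a huge size wraps past zero, so the check passes for a region that
 * actually extends far beyond the end of the file. */
int section_in_bounds_unsafe(const struct section_hdr *h, uint32_t file_len)
{
    uint32_t end = h->offset + h->size;   /* may wrap around */
    return end <= file_len;
}

/* Hardened pattern: first reject any header whose addition would wrap,
 * then do the comparison. Equivalent to checking in a wider integer type. */
int section_in_bounds_safe(const struct section_hdr *h, uint32_t file_len)
{
    if (h->offset > file_len)
        return 0;                           /* starts past end of file */
    if (h->size > UINT32_MAX - h->offset)
        return 0;                           /* offset + size would overflow */
    return h->offset + h->size <= file_len;
}

/* Read the little-endian header from the first 8 bytes of a scanned file. */
static int read_hdr(const uint8_t *buf, size_t len, struct section_hdr *out)
{
    if (len < 8)
        return 0;
    out->offset = (uint32_t)buf[0] | (uint32_t)buf[1] << 8 |
                  (uint32_t)buf[2] << 16 | (uint32_t)buf[3] << 24;
    out->size   = (uint32_t)buf[4] | (uint32_t)buf[5] << 8 |
                  (uint32_t)buf[6] << 16 | (uint32_t)buf[7] << 24;
    return 1;
}

/* Returns 1 if the (hypothetical) scanner would go on to unpack the section,
 * 0 if it rejects the file. 'hardened' selects the overflow-aware check. */
int accepts_section(const uint8_t *buf, size_t len, int hardened)
{
    struct section_hdr h;
    if (!read_hdr(buf, len, &h))
        return 0;
    return hardened ? section_in_bounds_safe(&h, (uint32_t)len)
                    : section_in_bounds_unsafe(&h, (uint32_t)len);
}

/* Constructed sample inputs (16-byte "files"). */
/* Crafted: offset 0x10, size 0xFFFFFFF8. 0x10 + 0xFFFFFFF8 wraps to 8,
 * which is <= 16, so the unsafe check lets it through. */
const uint8_t sample_crafted[16] = {
    0x10, 0x00, 0x00, 0x00,  0xF8, 0xFF, 0xFF, 0xFF,
    0x00, 0x00, 0x00, 0x00,  0x00, 0x00, 0x00, 0x00
};
/* Benign: offset 8, size 4, fully inside the 16-byte file. */
const uint8_t sample_benign[16] = {
    0x08, 0x00, 0x00, 0x00,  0x04, 0x00, 0x00, 0x00,
    0x41, 0x42, 0x43, 0x44,  0x00, 0x00, 0x00, 0x00
};

int main(void)
{
    printf("crafted, unsafe check : %s\n",
           accepts_section(sample_crafted, sizeof sample_crafted, 0) ? "accepted" : "rejected");
    printf("crafted, hardened     : %s\n",
           accepts_section(sample_crafted, sizeof sample_crafted, 1) ? "accepted" : "rejected");
    printf("benign,  unsafe check : %s\n",
           accepts_section(sample_benign, sizeof sample_benign, 0) ? "accepted" : "rejected");
    printf("benign,  hardened     : %s\n",
           accepts_section(sample_benign, sizeof sample_benign, 1) ? "accepted" : "rejected");
    return 0;
}
```

In a real scanner the "accepted" result for the crafted header is what leads to a memcpy or decompression loop reading and writing far outside the buffer; that is why these bugs in an engine that runs as SYSTEM or root on a mail gateway rate as code execution rather than a crash.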