[原文]Stack-based buffer overflow in AVIRA Desktop for Windows 1.00.00.68 with AVPACK32.DLL 6.31.0.3, when archive scanning is enabled, allows remote attackers to execute arbitrary code via a long filename in an ACE archive.
AVIRA是在德国非常流行的一款杀毒软件产品。
AVIRA Desktop for Windows杀毒软件中存在缓冲区溢出漏洞,成功利用这个漏洞的攻击者可以远程执行任意代码。起因是在从ACE文档中读取压缩文件的文件名时存在边界条件错误。如果ACE文档中的压缩文件包含有特别长的文件名,则在扫描该文件时就可能导致栈溢出。
AVIRA是在德国非常流行的一款杀毒软件产品。
AVIRA Desktop for Windows杀毒软件中存在缓冲区溢出漏洞,成功利用这个漏洞的攻击者可以远程执行任意代码。起因是在从ACE文档中读取压缩文件的文件名时存在边界条件错误。如果ACE文档中的压缩文件包含有特别长的文件名,则在扫描该文件时就可能导致栈溢出。
A remote overflow exists in AVIRA Desktop for Windows. The 'AVPACK32.DLL' library fails to perform proper bounds checking resulting in a buffer overflow. With a specially crafted ACE archive containing a compressed file with an overly long filename, a remote attacker can cause arbitrary code execution resulting in a loss of integrity.
-
时间线
2005-09-14
2005-09-05
Unknow
Unknow
-
解决方案
Currently, there are no known workarounds or upgrades to correct this issue. However, AVIRA has released a patch to address this vulnerability.