Summary: Antivirus program for personal computers running Windows which is a reliable and, it is crucial, quick tool to detect and neutralize computer viruses, mail worms, trojan programs and other malware (backdoors, adware, spyware, etc) in real time and by request.
Desc: VBA32 (VirusBlokAda) Personal Version 3.12.8.x suffers from a denial of service vulnerability that causes memory corruption and causing the software to crash while scanning a malformed archive.
Product web page: http://www.anti-virus.by/en/personal.html
Tested on Microsoft Windows XP SP2 (English)
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
liquidworm [t00t] gmail [m00t] com
http://www.zeroscience.org
03.10.2008
PoC: http://zeroscience.org/codes/vba32_poc.rar
http://www.milw0rm.com/exploits/6658
http://packetstormsecurity.org/filedesc/vba32-poc-tgz.html
http://www.sebug.net/exploit/4800/
http://www.securityfocus.com/bid/31560
http://heapoverflow.com/f0rums/public/9134-vba32-personal-antivirus-3-12-8-x-malformed-archive-dos-exploit.html
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment