CERT-In Vulnerability Note CIVN-2008-116
AVG Anti-Virus UPX Processing Denial of Service Vulnerability
Original Issue Date: August 05, 2008
Severity Rating: Medium
System Affected
Overview
A vulnerability has been reported in the file parsing engine of AVG Anti-Virus, which could be exploited by a remote attacker to cause a denial of service.
Description
This vulnerability in AVG Anti-Virus is caused by a divide-by-zero error that occurs while parsing a malformed UPX-compressed file. A remote attacker can exploit this vulnerability by sending a specially crafted UPX file that crashes the scanning engine, resulting in a denial of service.
Solution
Upgrade AVG Anti-Virus to version 8.0.156
Vendor Information
AVG
http://www.grisoft.com/ww.94247
References
FrSIRT
http://www.frsirt.com/english/advisories/2008/2225
n.runs AG
http://www.nruns.com/advisories/%5Bn....
g%20Divide%20by%20Zero%20Advisory.txt
SecurityTracker
http://securitytracker.com/alerts/2008/Jul/1020570.html
Secunia
http://secunia.com/advisories/31290/
CVE Name
CVE-2008-3373
Disclaimer
The information provided herein is on an "as is" basis, without warranty of any kind.
Contact Information

Phone: +91-11-24368572
Postal address
Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003
