Avira AntiVir Vulnerabilities

Patrick Lichtner

Avira GmbH

Date of registration:
Mar 1st 2006

Version: Avira Prem. Security Suite

1

Wednesday, May 23rd 2007, 11:35am

Within this thread vulnerabilites confirmed by Avira are released to the public.

Patrick Lichtner
Avira GmbH

Patrick Lichtner

Avira GmbH

Date of registration:
Mar 1st 2006

Version: Avira Prem. Security Suite

2

Wednesday, May 23rd 2007, 3:10pm

Access violation in LZH archives

Description:
Buffer overflow in specially crafted archives.

Fixed with:
AVPack >= 7.03.00.09
The fixed version was shipped to all customers via update at 2007-05-23 12:35 pm.

Credits:
Avira GbmH thanks Sergio 'shadown' Alvarez of n.runs for bringing this issue to our attention.

Patrick Lichtner
Avira GmbH

Patrick Lichtner

Avira GmbH

Date of registration:
Mar 1st 2006

Version: Avira Prem. Security Suite

3

Wednesday, May 23rd 2007, 3:11pm

Divide by zero's in UPX files

Description:
Bug in engine

Fixed with:
Engine >= 7.04.00.24
The fixed versions were shipped to all customers via update at 2007-05-23 12:35 pm.

Credits:
Avira GbmH thanks Sergio 'shadown' Alvarez of n.runs for bringing this issue to our attention.

Patrick Lichtner
Avira GmbH

Patrick Lichtner

Avira GmbH

Date of registration:
Mar 1st 2006

Version: Avira Prem. Security Suite

4

Wednesday, May 23rd 2007, 3:12pm

Infinite loop in TAR archives

Descrition:
Endless loop, we tried to seek above the 4GB treshold.

Fixed with:
AVPack >= 7.03.00.09
The fixed versions were shipped to all customers via update at 2007-05-23 12:35 pm.

Credits:
Avira GbmH thanks Sergio 'shadown' Alvarez of n.runs for bringing this issue to our attention.

Patrick Lichtner
Avira GmbH

Patrick Lichtner

Avira GmbH

Date of registration:
Mar 1st 2006

Version: Avira Prem. Security Suite

5

Wednesday, May 30th 2007, 4:06pm

AVPack aborts extraction because of invalid packed size archives

Description:
AVPack aborts extraction because of invalid packed size archives

Fixed with:
AVPack >= 7.3.0.10
The fixed version was shipped to all customers via update at 2007-05-30 15:37 pm.

Credits:
Avira GbmH thanks Thierry Zoller of n.runs for bringing this issue to our attention.

Patrick Lichtner
Avira GmbH

Patrick Lichtner

Avira GmbH

Date of registration:
Mar 1st 2006

Version: Avira Prem. Security Suite

6

Wednesday, June 13th 2007, 3:30pm

Problems when parsing manipulated RAR archives (support for high version numbers)

Description:
AVPack aborts extraction when parsing manipulated RAR archives (support for high version numbers incl. 36)

Fixed with:
AVPack >= 7.3.0.12
The fixed version was shipped to all customers via update at 2007-06-13 11:39 am.

Credits:
Avira GbmH thanks Thierry Zoller of n.runs for bringing this issue to our attention.

Patrick Lichtner
Avira GmbH

Patrick Lichtner

Avira GmbH

Date of registration:
Mar 1st 2006

Version: Avira Prem. Security Suite

7

Wednesday, June 13th 2007, 3:31pm

CAB: Extraction aborted because of invalid version number

Description:
AVPack aborts extraction when the cab version number is invalid.

Fixed with:
AVPack >= 7.3.0.12
The fixed version was shipped to all customers via update at 2007-06-13 11:39 am.

Credits:
Avira GbmH thanks Thierry Zoller of n.runs for bringing this issue to our attention.

Patrick Lichtner
Avira GmbH

Patrick Lichtner

Avira GmbH

Date of registration:
Mar 1st 2006

Version: Avira Prem. Security Suite

8

Wednesday, June 13th 2007, 3:32pm

CAB: Extraction aborted because of manipulated CAB archives

Description:
AVPack aborts extraction when the number of folders is manipulated (integrity of folder entities)

Fixed with:
AVPack >= 7.3.0.12
The fixed version was shipped to all customers via update at 2007-06-13 11:39 am.

Credits:
Avira GbmH thanks Thierry Zoller of n.runs for bringing this issue to our attention.

Patrick Lichtner
Avira GmbH

Avira Support Forum