Crafted EXE files can inject code in ClamAV

April 14, 2008 – 12:21 PM

Security service provider Secunia has discovered a vulnerability in the ClamAV open source virus scanner. Attackers can inject code into the application using manipulated EXE files.

According to a Secunia advisory, a boundary error in the cli_scanpe() function in libclamav/pe.c can cause a heap-based buffer overflow. Manipulated PE executables (Windows .exe files) compressed with the Upack runtime packer can trigger this overflow to inject and execute code.

ClamAV’s developers apparently intend to release an updated version soon that will remedy the vulnerability in versions up to and including 0.92.1. Until then, administrators running ClamAV on their servers should check executable Windows files with a different virus scanner and install the ClamAV update as soon as it becomes available.
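A triage sketch for the interim advice above, added here as an example and not taken from Heise, Secunia or the ClamAV project: it flags files that should go to a second scanner when the installed ClamAV is at or below 0.92.1. The function names and the sample version string and sample file bytes are assumptions constructed for illustration.

```python
import re
import struct

# From the article: versions "up to and including 0.92.1" are affected.
LAST_AFFECTED = (0, 92, 1)

def parse_version(text):
    """Extract the numeric version tuple from a string such as 'ClamAV 0.92.1/...'."""
    m = re.search(r"(\d+(?:\.\d+)+)", text)
    if not m:
        raise ValueError("no version number in %r" % text)
    return tuple(int(p) for p in m.group(1).split("."))

def is_affected(version_text):
    """True if the reported version is at or below the last affected release."""
    v = parse_version(version_text)
    width = max(len(v), len(LAST_AFFECTED))
    pad = lambda t: t + (0,) * (width - len(t))
    return pad(v) <= pad(LAST_AFFECTED)

def looks_like_pe(data):
    """Identify a PE file by its headers, validating every offset before use."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    # e_lfanew (offset of the PE header) comes from the untrusted file itself,
    # so it must be bounds-checked before it is used as an index.
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew > len(data) - 4:
        return False
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"

def needs_second_scanner(version_text, data):
    """Route Windows executables elsewhere while the local ClamAV is affected."""
    return is_affected(version_text) and looks_like_pe(data)

def sample_pe():
    """Constructed minimal byte string with valid MZ and PE signatures."""
    hdr = bytearray(0x40)
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x40)
    return bytes(hdr) + b"PE\x00\x00" + b"\x00" * 20

if __name__ == "__main__":
    banner = "ClamAV 0.92.1/0000/constructed-sample"  # constructed version string
    print(needs_second_scanner(banner, sample_pe()))
```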


Source: Heise Security
