• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

AVIRA Desktop for Windows ACE Archive Handling Remote Buffer Overflow Vulnerability

AVIRA Desktop for Windows is affected by a remote buffer overflow vulnerability when handling ACE archives.

If the application has been enabled to scan compressed files and proceeds to process a malicious archive, a buffer overflow condition can be triggered. This may lead to memory corruption and potentially facilitate arbitrary code execution.

An attacker may exploit this vulnerability to gain unauthorized remote access in the context of SYSTEM.

Desktop for Windows version 1.00.00.68 running AVPACK32.DLL version 6.31.0.3 is reportedly vulnerable. It is possible that other versions are affected as well.