• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Avast! Antivirus Engine Remote LHA Buffer Overflow Vulnerability

Avast! antivirus engine is prone to a buffer-overflow vulnerability in its LHA processing routines.

A successful attack can allow a remote attacker to corrupt process memory by triggering an overflow condition in the LHA processing engine. This may lead to arbitrary code execution in the context of applications that use the vulnerable engine. This may result in a full computer compromise.

Applications that use versions of Avast! antivirus engine earlier than 4.7.869 (for desktops) or 4.7.660 (for servers) are vulnerable to this issue.