Avast Antivirus detects critical vulnerabilities

In the summer of 2015, Internet users widely discussed the security problems of antivirus tools. Recall that serious vulnerabilities were found in ESET products, and then in BitDefender with Symantec . This week it became known about the next problems with the protection of antivirus software. One of the users of the Google Code resource has published descriptions and test scenarios for operating four major vulnerabilities in the Avast Antivirus, two of which are critical.

Critical vulnerabilities: OOB record and heap overflow

The first critical vulnerability described is the possibility of OOB entries in Avast Server Edition, which can lead to decryption and launch of executable files encrypted using PEncrypt.
')
In addition, another security error causes a heap overflow in the AvastSvc.exe component. The researcher managed to exploit the vulnerability by using an image encrypted and packaged in the MoleBox archive. Thus, remote attacks related to code execution are possible.

That's not all

In addition to the two critical, published and information about not so serious, but still noticeable vulnerabilities Avast. So, one of the errors has a high degree of criticality and can lead to attacks of the type integer overflow. If the value of the numFonts field in the TTC header exceeds (SIZE_MAX + 1) / 4, when you call the CSafeGenFile :: SafeLockBuffer function, an integer overflow occurs in the filevirus_ttf () component. Description of the TTC format is presented by reference .

In addition, using a Microsoft Access database file, the researcher managed to call the JetDb :: IsExploited4x method, which contains an error leading to the possibility of unbounded-object search - this vulnerability is assigned a moderate degree of severity.

In the description of the presented vulnerabilities it is said that all of them have now been eliminated by the developers of anti-virus software. At the same time, in publications on Google Code, no vulnerable versions of Avast are indicated, therefore, Positive Technologies experts recommend that all users of this antivirus download the latest current version from the developers site.

Recall that some intelligence services are very interested in antivirus vulnerabilities: protection software gets high access privileges on their users' computers, so a hacked antivirus allows you to monitor the activities of thousands of people who use this antivirus. That is why, almost simultaneously with the burglary of ESET, it became known that the secret services of various countries (in particular, the United Kingdom and the United States) were studying and trying to crack the Kaspersky Lab products.