
zlaveOLE.txt

Posted Aug 14, 2005
Authored by Alex Wheeler

A security vulnerability existed in the anti-virus engine of specific versions of ZoneAlarm Anti-Virus and ZoneAlarm Security Suite (ZoneAlarm and ZoneAlarm Pro are not affected). The vulnerability was caused by an integer overflow in the Vet anti-virus engine (VetE.dll) when analyzing OLE streams. This can be exploited to cause a heap-based buffer overflow via a specially crafted Microsoft Office document.

tags | advisory, overflow, virus
SHA-256 | abceb822d39f24e96444992c0b7cb55f415bb170d323db66f5e7c797b94aceb8

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Zone Labs Security Alert
Zone Labs Anti-virus Engine OLE Processing Issue

Date Published May 24, 2005
Date Last Revised May 24, 2005

Severity High


Overview
========

A security vulnerability existed in the anti-virus engine of specific
versions of ZoneAlarm Anti-Virus and ZoneAlarm Security Suite
(ZoneAlarm and ZoneAlarm Pro are not affected).

The vulnerability was caused by an integer overflow in the Vet
anti-virus engine (VetE.dll) when analyzing OLE streams. This can be
exploited to cause a heap-based buffer overflow via a specially
crafted Microsoft Office document.

Zone Labs has released an updated anti-virus engine for affected
products. It is applied automatically during the next anti-virus
update, which typically occurs daily. Customers may also manually
update their anti-virus service for immediate protection.

Zone Labs remains committed to providing our customers with advanced
Internet security technologies for PC protection.


Impact
======

If successfully exploited, a skilled attacker could cause the
firewall to stop processing traffic, execute arbitrary code, or
elevate malicious code's privileges.

Zone Labs recommends affected users update their anti-virus engine
and definitions to the current versions which address the issue.

Affected Products
* ZoneAlarm Anti-virus and ZoneAlarm Security Suite

Unaffected Products
* ZoneAlarm and ZoneAlarm Pro
* Check Point Integrity clients and Integrity Server
* Integrity Clientless Security products


Description
===========

ZoneAlarm Anti-Virus and ZoneAlarm Security Suite use the Vet engine
from Computer Associates for anti-virus detection. Due to an
integer wrap issue in the code associated with OLE processing, a
heap overflow may occur which could potentially allow a skilled
attacker to cause the firewall to stop processing traffic or execute
arbitrary code.
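
The bug class described above, as an added illustration that is not part of the advisory and is not Vet engine code: the struct, its field names and the size formula are hypothetical, chosen to show how a 32-bit buffer size computed from untrusted stream fields can wrap to a small value, next to a checked version that rejects such input.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical descriptor: values a parser reads from an untrusted file. */
struct stream_desc {
    uint32_t sector_count; /* sectors in the stream chain */
    uint32_t sector_size;  /* bytes per sector */
    uint32_t header_len;   /* extra bytes the parser prepends */
};

/* Unchecked: 32-bit arithmetic wraps silently, so the returned size can be
 * far smaller than the amount of data the parser later copies. */
uint32_t alloc_size_unchecked(const struct stream_desc *d)
{
    return d->sector_count * d->sector_size + d->header_len;
}

/* Checked: returns 0 and stores the size in *out, or -1 if the computation
 * would wrap or the result exceeds a caller-supplied cap. */
int alloc_size_checked(const struct stream_desc *d, uint32_t cap, uint32_t *out)
{
    if (d->sector_size == 0)
        return -1;
    /* count * size + header <= UINT32_MAX, tested without overflowing */
    if (d->sector_count > (UINT32_MAX - d->header_len) / d->sector_size)
        return -1;
    uint32_t total = d->sector_count * d->sector_size + d->header_len;
    if (total > cap)
        return -1;
    *out = total;
    return 0;
}

int main(void)
{
    /* Constructed sample: the true size is just over 4 GiB. */
    struct stream_desc d = { 0x00800001u, 512u, 16u };
    uint32_t size = 0;

    printf("unchecked size: %u bytes\n", (unsigned)alloc_size_unchecked(&d));
    if (alloc_size_checked(&d, 1u << 24, &size) != 0)
        printf("checked: rejected, size would wrap or exceed cap\n");
    return 0;
}
```
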


Recommended Actions
===================

ZoneAlarm Anti-virus and ZoneAlarm Security Suite users should
upgrade the anti-virus engine to version 11.9.1 or later.

To update your ZoneAlarm Anti-virus or Security Suite product:

1. Select Antivirus

2. In the Status area, choose the Update Now option

3. Select Overview | Product Info and verify that the Antivirus
Vet engine version is 11.9.1 or higher


Related Resources
=================

Zone Labs Security Services: http://www.zonelabs.com/security


Acknowledgments
===============

Zone Labs would like to thank Alex Wheeler for reporting this issue
to Zone Labs.


Contact
=======

Zone Labs customers who are concerned about this vulnerability or
have additional technical questions may reach our Technical Support
group at: http://www.zonelabs.com/support/

To report security issues with Zone Labs products contact:
security@zonelabs.com. Note that any other matters sent to this
email address will not receive a response.

Disclaimer:
The information in the advisory is believed to be accurate at the
time of publishing based on currently available information. Use
of the information constitutes acceptance for use in an AS IS
condition. There are no warranties with regard to this information.
Neither the author nor the publisher accepts any liability for any
direct, indirect, or consequential loss or damage arising from use
of, or reliance on, this information. Zone Labs and Zone Labs
products, are registered trademarks of Zone Labs LLC and/or
affiliated companies in the United States and other countries.
All other registered and unregistered trademarks represented in
this document are the sole property of their respective
companies/owners.

Copyright:
(c)2005 Zone Labs LLC All rights reserved. Zone Labs, TrueVector,
ZoneAlarm, and Cooperative Enforcement are registered trademarks
of Zone Labs LLC. The Zone Labs logo, Check Point Integrity and
IMsecure are trademarks of Zone Labs, Inc. Check Point Integrity
protected under U.S. Patent No. 5,987,611. Reg. U.S. Pat. & TM Off.
Cooperative Enforcement is a service mark of Zone Labs LLC All other
trademarks are the property of their respective owners.

Any reproduction of this alert other than as an unmodified copy of
this file requires authorization from Zone Labs. Permission to
electronically redistribute this alert in its unmodified form is
granted. All other rights, including the use of other media, are
reserved by Zone Labs LLC.

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1

iQA/AwUBQpSdxVDxXw2Is3mLEQIvJwCcC5EsnbBQ+QWVaUZBdXh0o1zBMkkAoIxg
2nXt1uCFFTGXjZlahfemO6PI
=0Ubb
-----END PGP SIGNATURE-----
