FYI...

NOD32 AV vuln - update available
- /t190517-NOD32_AV_vuln_update_available.html


avast! vuln - updates available
- /t190518-avast_vuln_updates_available.html

FYI...

Avira AV multiple vulns - update available
- /postlite190967-.html

FYI...

F-Secure multiple products, vulns - updates available
- /postlite191125-.html

FYI...

CA Anti-Virus Engine CAB Archive Processing Buffer Overflows - update available
- /postlite191713-.html

FYI...

Trend Micro OfficeScan vuln - update available
- /postlite193371-.html



.

FYI...

McAfee ePolicy Orchestrator / ProtectionPilot Common Management Agent Vulns
- /p965537-McAfee_vuln_update_available.html#965537




.

FYI...

Trend Micro OfficeScan vuln - updates available
> /postlite195280-.html



.

FYI...

> http://atlas.arbor.net/briefs/index#1027704494
Panda Antivirus EXE File Parsing Buffer Overflow Vulnerability
Severity: High Severity
Published: July 23, 2007
Panda AV is vulnerable to a buffer overflow when processing Windows EXE files. The error comes in an integer cast when parsing EXE header data. A malicious attacker could send the victim a malformed EXE file to be processed by Panda AV. This would then allow the attacker to run arbitrary code on the victim's computer. Updates have been made available.
Analysis: This is a similar issue to the Eset NOD32 file processing issue and nearly a dozen such vulnerabilities recently. We believe that this trend will continue for some time.
Source: http://secunia.com/advisories/26171/

NOD32 Antivirus Multiple File Processing Vulnerabilities
Severity: High Severity
Published: July 23, 2007
Eset NOD32 antivirus is vulnerable to file processing vulnerabilities that could be abused by a remote attacker to compromise a system. The AV software has problems processing CAB, ASPack, and FSG packed files. Malformed files could be sent to a victim to be processed by NOD32 and then run arbitrary code on the server. Eset has issued updated software to address this issue.
Analysis: This is another AV vulnerability in handling files. We do not expect it to be the last one, in this package or any other AV package.
Source: http://secunia.com/advisories/26124/

.

FYI...

CA AV and other multiple products vuln - updates available
- http://secunia.com/advisories/26155/
Release Date: 2007-07-25
Critical: Moderately critical
Impact: DoS
Where: From remote
Solution Status: Vendor Patch ...
Description: Two vulnerabilities have been reported in various CA products, which can be exploited by malicious people to cause a DoS...

(See the advisory for the long list of affected products.)

Also see: http://secunia.com/advisories/26190/
Release Date: 2007-07-25
Critical: Moderately critical
Impact: System access
Where: From local network
Solution Status: Vendor Patch
...The vulnerability affects all versions of the CA Message Queuing software prior to v1.11 Build 54_4 on Windows and Netware..."

FYI...

ClamAV multiple vulns - update available
- http://secunia.com/advisories/26530/
Release Date: 2007-08-22
Critical: Moderately critical
Impact: DoS
Where: From remote
Solution Status: Vendor Patch
Software: Clam AntiVirus (clamav) 0.x...
Solution:
Update to version 0.91.2.
- http://sourceforge.net/project/showfiles.php?group_id=86638&package_id=90197&release_id=533658
2007-08-21


Trend Micro ServerProtect multiple vulns - update available
- http://secunia.com/advisories/26523/
Release Date: 2007-08-22
Critical: Moderately critical
Impact: System access
Where: From local network
Solution Status: Vendor Patch
Software: Trend Micro ServerProtect for Windows/NetWare 5.x...
Solution: Apply Security Patch 4 - Build 1185.
http://www.trendmicro.com/ftp/products/patches/spnt_558_win_en_securitypatch4.exe
Original Advisory: Trend Micro:
http://www.trendmicro.com/ftp/documentation/readme/spnt_558_win_en_securitypatch4_readme.txt

.

FYI...

Sophos AV vuln - update available
- http://secunia.com/advisories/26580/
Release Date: 2007-08-24
Critical: Moderately critical
Impact: DoS
Where: From remote
Solution Status: Vendor Patch
Software: Sophos Anti-Virus...
The vulnerabilities are reported in Sophos Anti-Virus with engine versions prior to 2.48.0.
Solution: Update to engine version 2.48.0 or later...
Original Advisory: http://www.sophos.com/support/knowledgebase/article/28407.html
http://www.sophos.com/support/knowledgebase/article/14244.html ...

.

FYI...

Sophos AV vuln - updates available
- http://secunia.com/advisories/26714/
Release Date: 2007-09-07
Critical: Moderately critical
Impact: Cross Site Scripting
Where: From remote
Solution Status: Vendor Patch
Software: Sophos Anti-Virus 7.x, Sophos Anti-Virus for Windows 6.x
...The vulnerability is reported in versions 6.x and 7.0.0.
Solution: Update to versions 6.5.8 or later, or 7.0.1 or later. The vendor also recommends users of version 6.x to upgrade to version 7.
Original Advisory:
http://www.sophos.com/support/knowledgebase/article/29150.html

.

FYI...

AOL AV changes...
- http://isc.sans.org/diary.html?storyid=3360
Last Updated: 2007-09-08 01:29:38 UTC - "...It appears that AOL has switched from Kaspersky to McAfee and are now distributing "McAfee Virus Scan Plus-Special edition from AOL" according to this page*. It isn't entirely clear how (or if) this was communicated to the folks using the Kaspersky software. If you follow the link at the bottom of the page it looks like the old software may still get updates if you point back to a Kaspersky site, but that isn't entirely clear and I was unable to find anyone to answer that question for sure today (I'll update the story if I get more info). Without some action by the user, however, it appears that they will now be unprotected, which is unfortunate. In the meantime, if you have an AOL e-mail address, you can still get free anti-virus software from here**..."

* http://www.activevirusshield.com/antivirus/freeav/index.adp

** http://safety.aol.com/isc/BasicSecurity/

.

FYI...

Kaspersky AV DoS vuln - update 11.2007
- http://secunia.com/advisories/26887/
Last Update: 2007-09-25
Critical: Not critical
Impact: DoS
Where: Local system
Solution Status: Unpatched
Software: Kaspersky Anti-Virus 6.x
Kaspersky Anti-Virus 7.x
Kaspersky Internet Security 6.x
Kaspersky Internet Security 7.x
...The vulnerabilities are reported in version 7.0 build 125. Other versions may also be affected.
Solution: The vendor is reportedly working on an update to be released November 2007.
Original Advisory: Kaspersky:
http://www.kaspersky.com/technews?id=203038706
"...This is not the first time that this author has failed to notify us about a vulnerability before making it public, despite the fact that notifying the vendor first is de facto an industry standard..."

> http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5043


.

FYI...

Kaspersky Online Scanner ActiveX Vuln
- http://secunia.com/advisories/27187/
Release Date: 2007-10-11
Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch
Software: Kaspersky Online Scanner 5.x
...The vulnerability affects versions 5.0.93.1 and prior.
Solution: Update to version 5.0.98.0.
http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html ...
Original Advisory: Kaspersky:
http://www.kaspersky.com/news?id=207575572 ...

.