AVG Scanning Engine UPX Parsing Denial of Service Vulnerability

High Nessus Network Monitor Plugin ID 5021

Synopsis

The remote host is vulnerable to a flaw that allows malicious code to be passed.

Description

AVG Anti-Virus is installed on the remote Windows host. The installed version is affected by a flaw that lets remote attackers bypass the scanning engine by sending specially formatted 'rar' and 'zip' archive files. To exploit this flaw, an attacker only needs the ability to send email to valid recipients on the target server. Successful exploitation allows the attacker to pass malware through the AVG server.

Solution

Upgrade to AVG 8.5 323 or later.

See Also

http://blog.zoller.lu/2009/04/avg-zip-evasion-bypass.html

Plugin Details

Severity: High

ID: 5021

File Name: 5021.prm

Family: Web Clients

Published: 2004/08/18

Modified: 2016/01/22

Dependencies: 1735, 8314, 1769

Risk Information

Risk Factor: High

CVSSv2

Base Score: 7.5

Temporal Score: 6.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:U/RL:OF/RC:ND

CVSSv3

Base Score: 7.3

Temporal Score: 6.4

Vector: CVSS3#AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS3#E:U/RL:O/RC:X

Reference Information

CVE: CVE-2009-1784

BID: 34895

OSVDB: 54715, 54716