>> ZoneLabs Multiple Products Vet Engine Heap Overflow Vulnerability
Title : ZoneLabs Multiple Products Vet Engine Heap Overflow Vulnerability VUPEN ID : VUPEN/ADV-2005-0597 CVE ID : GENERIC-MAP-NOMATCH CWE ID : CWE-
Rated as : Critical
Remotely Exploitable : Yes Locally Exploitable : Yes Release Date : 2005-05-23
Technical Description
A critical vulnerability was identified in multiple ZoneLabs products, which may be exploited by remote attackers to execute arbitrary commands. This flaw is due to a heap overflow error in the Vet Antivirus engine (VetE.dll) when analyzing the OLE stream and processing malformed VBA macro object headers, which may be exploited by remote attackers to execute arbitrary commands by sending a specially crafted VBA project name record to a vulnerable application. For additional information, see : VUPEN/ADV-2005-0596
Subscribe to VUPEN VNS and receive real-time e-mail and SMS alerts when new advisories or patches relevant to your systems and network configurations are available.
Feedback If you have additional information or corrections for this security advisory please submit them via our contact form.
