Technical Description

Multiple vulnerabilities were identified in AhnLab V3 Antivirus, which could be exploited by remote or local attackers to execute arbitrary commands.

The first flaw is due to an error in the real-time scan driver (v3flt2k.sys) that does not properly validate the source of received "DeviceIoControl()" commands, which could be exploited by local attackers to run "explorer.exe" with SYSTEM privileges or to disable the real-time scan engine.

The second issue is due to a stack overflow error in the ACE archive decompression library, which could be exploited by malware to execute arbitrary code.

The third vulnerability is due to an input validation error the archive decompression library, which could be exploited by malware to conduct directory traversal attacks and write files to arbitrary directories.

Affected Products

AhnLab V3Pro 2004 (Build 6.0.0.383) and prior
AhnLab V3 VirusBlock 2005 (Build 6.0.0.383) and prior
AhnLab V3Net for Windows Server 6.0 (Build 6.0.0.383) and prior

Solution

Update to version 6.0.0.457 via online update.

References

http://www.vupen.com/english/advisories/2005/1754
http://secunia.com/secunia_research/2005-17/advisory/
http://info.ahnlab.com/english/advisory/01.html

Credits

Vulnerabilities reported by Tan Chew Keong

ChangeLog

2005-09-15 : Initial release

Vulnerability Management

Subscribe to VUPEN VNS and receive real-time alerts with CVE, CWE, and CVSS when new advisories or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form.