>> Ahnlab Antivirus Buffer Overflow and Directory Traversal Vulnerabilities
Title : Ahnlab Antivirus Buffer Overflow and Directory Traversal Vulnerabilities VUPEN ID : VUPEN/ADV-2005-1754 CVE ID : CVE-2005-2986 CWE ID : CWE-
Rated as : Critical
Remotely Exploitable : Yes Locally Exploitable : Yes Release Date : 2005-09-15
Technical Description
Multiple vulnerabilities were identified in AhnLab V3 Antivirus, which could be exploited by remote or local attackers to execute arbitrary commands.
The first flaw is due to an error in the real-time scan driver (v3flt2k.sys) that does not properly validate the source of received "DeviceIoControl()" commands, which could be exploited by local attackers to run "explorer.exe" with SYSTEM privileges or to disable the real-time scan engine.
The second issue is due to a stack overflow error in the ACE archive decompression library, which could be exploited by malware to execute arbitrary code.
The third vulnerability is due to an input validation error the archive decompression library, which could be exploited by malware to conduct directory traversal attacks and write files to arbitrary directories.
Subscribe to VUPEN VNS and receive real-time e-mail and SMS alerts when new advisories or patches relevant to your systems and network configurations are available.
Feedback If you have additional information or corrections for this security advisory please submit them via our contact form.