Multiple vulnerabilities have been identified in Norman Virus Control, which could be exploited by remote attackers or malware to bypass security checks, cause a denial of service, or take complete control of an affected system.

The first issue is caused by buffer overflow errors when processing malformed ACE files, which could be exploited by attackers to execute arbitrary commands by tricking a vulnerable application into scanning a malicious file .

The second vulnerability is caused by buffer overflow errors when processing malformed LZH files, which could be exploited by attackers to execute arbitrary commands by tricking a vulnerable application into scanning a malicious file.

The third issue is caused by an error within the DOC OLE2 file parsing code, which could be exploited to bypass malware detection via a specially crafted file.

The fourth vulnerability is caused by a divide-by-zero error within the DOC OLE2 file parsing code, which could be exploited to crash an affected application or exhaust all available memory resources, creating a denial of service condition.

Affected Products

Norman Virus Control versions 5.x

Solution

Upgrade to version 5.91.02 :
http://www.norman.com/Download/en

References

http://www.vupen.com/english/advisories/2007/2619
http://www.nruns.com/security_advisory_Norman_all_ace_buffer_overflow.php
http://www.nruns.com/security_advisory_norman_antivirus_lzh_buffer_overflow.php
http://www.nruns.com/security_advisory_norman_antivirus_doc_depection_bypass.php
http://www.nruns.com/security_advisory_norton_antivirus_doc_divide_by_zero_dos.php

Credits

Vulnerabilities reported by Sergio Alvarez (n.runs AG).

Changelog

2007-07-23 : Initial release

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form.