Vigil@nce: F-PROT, several denials of service
July 2008 by Vigil@nce
An attacker can create malformed files in order to stop F-PROT.
– Gravity: 1/4
– Consequences: denial of service of client
– Provenance: document
– Means of attack: no proof of concept, no attack
– Ability of attacker: expert (4/4)
– Confidence: confirmed by the editor (5/5)
– Diffusion of the vulnerable configuration: high (3/3)
– Creation date: 16/07/2008
– Identifier: VIGILANCE-VUL-7953
IMPACTED PRODUCTS
F-PROT Antivirus
DESCRIPTION
Four vulnerabilities were corrected by the version 4.4.4 of F-PROT
engine.
A CHM file with a nb_dir header value of 0xffffffff forces a read
at an invalid memory address, which stops F-PROT. [grav:1/4;
n.runs-SA-2008.002]
A malformed UPX file stops the engine. [grav:1/4]
A malformed Microsoft Office file creates an infinite loop.
[grav:1/4]
On a 64-bit processor, a file compressed with ASPack stops the
engine. [grav:1/4]
CHARACTERISTICS
– Identifiers: n.runs-SA-2008.002, VIGILANCE-VUL-7953
– Url: https://vigilance.aql.fr/tree/1/7953