Researchers at Internet Security Systems (ISS) have discovered a flaw in McAfee's antivirus software that could allow compromise of a system running that software. The flaw affects software using versions of McAfee's antivirus library prior to 4400. It could be exploited by sending a specially crafted LHA file by email, through the download of such a file from a website, or through the opening of such a file from a shared folder on a network. The malformed LHA file can cause a stack overflow, potentially providing access to the affected system.
McAfee products affected include the following:
- Active Virus Defense
- Active VirusScan
- Active Virus Defense SMB Edition
- Active VirusScan SMB Edition
- Active Threat Protection
- Active Mail Protection
- GroupShield for Exchange
- GroupShield for Exchange 5.5
- GroupShield for Lotus Domino
- GroupShield for Mail Servers with ePO
- LinuxShield
- NetShield for Netware
- PortalShield for Microsoft SharePoint
- SecurityShield for Microsoft ISA Server
- Virex
- VirusScan (all versions)
- VirusScan Professional
- VirusScan ASaP/Managed VirusScan
- VirusScan Command Line
- VirusScan for NetApp
- VirusScan® Enterprise (all versions)
- WebShield Appliances
- WebShield SMTP
Anti-virus vulnerabilities strike again
By John Leyden, The Register
March 18, 2005
McAfee AntiVirus Library Stack Overflow
Internet Security Systems Protection Advisory
March 17, 2005
