Signature Detail

HTTP: Avast! Antivirus LHA Buffer Overflow

This signature detects attempts to exploit a known vulnerability in the Avast! Antivirus Engine. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the client.

Extended Description

Avast! antivirus engine is prone to a buffer-overflow vulnerability in its LHA processing routines. A successful attack can allow a remote attacker to corrupt process memory by triggering an overflow condition in the LHA processing engine. This may lead to arbitrary code execution in the context of applications that use the vulnerable engine. This may result in a full computer compromise. Applications that use versions of Avast! antivirus engine earlier than 4.7.869 (for desktops) or 4.7.660 (for servers) are vulnerable to this issue.

Affected Products

• Avast! Antivirus Home Edition 4.0.0
• Avast! Antivirus Home Edition 4.6.0
• Avast! Antivirus Home Edition 4.6.652
• Avast! Antivirus Home Edition 4.6.655
• Avast! Antivirus Home Edition 4.6.665
• Avast! Antivirus Home Edition 4.6.691
• Avast! Antivirus Home Edition 4.7.827
• Avast! Antivirus Home Edition 4.7.844
• Avast! Antivirus Professional Edition 4.0.0
• Avast! Antivirus Professional Edition 4.6.0
• Avast! Antivirus Professional Edition 4.6.603
• Avast! Antivirus Professional Edition 4.6.652
• Avast! Antivirus Professional Edition 4.6.665
• Avast! Antivirus Professional Edition 4.6.691
• Avast! Antivirus Professional Edition 4.7.827
• Avast! Antivirus Professional Edition 4.7.844
• Avast! Antivirus Server Edition 4.6.460
• Avast! Antivirus Server Edition 4.6.489
• Bains Digital Defender MX
• IceWarp Merak Mail Server 2.1.0 0.250
• IceWarp Merak Mail Server 2.1.0 0.260
• IceWarp Merak Mail Server 2.1.0 0.280
• IceWarp Merak Mail Server 2.1.0 0.290
• IceWarp Merak Mail Server 2.1.0 0.360
• IceWarp Merak Mail Server 3.0.0 0.100
• IceWarp Merak Mail Server 4.0.0 0.30
• IceWarp Merak Mail Server 4.1.0 0.040
• IceWarp Merak Mail Server 4.1.0 0.050
• IceWarp Merak Mail Server 5.1.2
• IceWarp Merak Mail Server 5.1.3
• IceWarp Merak Mail Server 5.3.0 .0
• IceWarp Merak Mail Server 5.3.2
• IceWarp Merak Mail Server 6.0.7
• IceWarp Merak Mail Server 6.1.0 .0
• NetWin SurgeMail 1.8.0 a
• NetWin SurgeMail 1.8.0 b3
• NetWin SurgeMail 1.8.0 d
• NetWin SurgeMail 1.8.0 e
• NetWin SurgeMail 1.8.0 g3
• NetWin SurgeMail 1.9.0
• NetWin SurgeMail 1.9.0 b2
• NetWin SurgeMail 2.0.0 a2
• NetWin SurgeMail 2.0.0 c
• NetWin SurgeMail 2.0.0 e
• NetWin SurgeMail 2.0.0 g2
• NetWin SurgeMail 2.1.0 a
• NetWin SurgeMail 2.1.0 c7
• NetWin SurgeMail 2.2.0 a6
• NetWin SurgeMail 2.2.0 c10
• NetWin SurgeMail 2.2.0 c9
• NetWin SurgeMail 2.2.0 g2
• NetWin SurgeMail 2.2.0 g3
• NetWin SurgeMail 3.0.0 a
• NetWin SurgeMail 3.0.0 c2
• NoticeWare Internet Anywhere eMailServer
• Paul Smith Computer Services VPOP3 Email Server
• SmartMax Software MailMax 1.0.0
• SmartMax Software MailMax 4.8.0
• SmartMax Software MailMax 5.0.0
• SmartMax Software MailMax 5.0.10 .6
• SmartMax Software MailMax 5.0.10 .7
• SmartMax Software MailMax 5.0.10 .8
• SmartMax Software MailMax 5.5.0

References

• BugTraq: 19903
• CVE: CVE-2006-4626