VBA32 Personal Antivirus 3.12.8.x (malformed archive) DoS Exploit
Title: VBA32 Personal Antivirus 3.12.8.x (malformed archive) DoS Exploit
Advisory ID: ZSL-2008-4899
Type: Local
Impact: DoS
Risk: (4/5)
Release Date: 03.10.2008
[2] http://www.sebug.net/exploit/4800
[3] http://www.securityfocus.com/bid/31560
[4] http://www.milw0rm.com/exploits/6658
[5] http://osvdb.org/show/osvdb/50829
[6] http://xforce.iss.net/xforce/xfdb/47573
[7] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5667
[07.10.2008] - Added Vendor Status
[27.09.2012] - Added reference [5], [6] and [7]
Web: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk
Advisory ID: ZSL-2008-4899
Type: Local
Impact: DoS
Risk: (4/5)
Release Date: 03.10.2008
Summary
Antivirus program for personal computers running Windows which is a reliable and, it is crucial, quick tool to detect and neutralize computer viruses, mail worms, trojan programs and other malware (backdoors, adware, spyware, etc) in real time and by request.Description
Vba32 Personal Antivirus is prone to a denial-of-service vulnerability caused by an unspecified memory-corruption error. Attackers can exploit this issue to cause the application to crash, denying service to legitimate users. This may aid attackers in launching further attacks while the security application is not running.Vendor
VirusBlokAda Ltd - http://www.anti-virus.byAffected Version
3.12.8.xTested On
Microsoft Windows XP Professional SP2 (English)Vendor Status
[07.10.2008] Vendor has knowledge about the issue.PoC
vba32_poc.rarCredits
Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>References
[1] http://packetstormsecurity.org/filedesc/vba32-poc-tgz.html[2] http://www.sebug.net/exploit/4800
[3] http://www.securityfocus.com/bid/31560
[4] http://www.milw0rm.com/exploits/6658
[5] http://osvdb.org/show/osvdb/50829
[6] http://xforce.iss.net/xforce/xfdb/47573
[7] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5667
Changelog
[03.10.2008] - Initial release[07.10.2008] - Added Vendor Status
[27.09.2012] - Added reference [5], [6] and [7]
Contact
Zero Science LabWeb: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk