Buffer overflow in the archive decompression library (vrAZMain.dll 5.8.22.137), as used in HAURI anti-virus products including (1) ViRobot Expert 4.0, (2) ViRobot Advanced Server, and (3) HAURI LiveCall, allows user-assisted attackers to execute arbitrary code via an ALZ archive containing a file with a long filename.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Hauri_livecall | Hauri | * | * |
| Virobot | Hauri | advanced_server (including) | advanced_server (including) |
| Virobot | Hauri | expert_4.0 (including) | expert_4.0 (including) |
| Virobot | Hauri | linux_server_2.0 (including) | linux_server_2.0 (including) |
| Vrazmain.dll | Hauri | 5.8.22.137 (including) | 5.8.22.137 (including) |
References
- http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0150.html
- http://secunia.com/advisories/16852
- http://secunia.com/secunia_research/2005-47/advisory/
- http://securitytracker.com/id?1015018
- http://securitytracker.com/id?1015019
- http://www.osvdb.org/19878
- http://www.securityfocus.com/bid/15045
- http://www.vupen.com/english/advisories/2005/1978
- https://exchange.xforce.ibmcloud.com/vulnerabilities/22535
- http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0150.html
- http://secunia.com/advisories/16852
- http://secunia.com/secunia_research/2005-47/advisory/
- http://securitytracker.com/id?1015018
- http://securitytracker.com/id?1015019
- http://www.osvdb.org/19878
- http://www.securityfocus.com/bid/15045
- http://www.vupen.com/english/advisories/2005/1978
- https://exchange.xforce.ibmcloud.com/vulnerabilities/22535