← Advisories

VBA32 Personal Antivirus 3.12.8.x (malformed archive) DoS Exploit

High

Advisory ID

ZSL-2008-4899

Release Date

03 October 2008

Vendor

VirusBlokAda Ltd - http://www.anti-virus.by

Affected Version

3.12.8.x

CVE

CVE-2008-5667

Tested On

Microsoft Windows XP Professional SP2 (English)

Summary

Antivirus program for personal computers running Windows which is a reliable and, it is crucial, quick tool to detect and neutralize computer viruses, mail worms, trojan programs and other malware (backdoors, adware, spyware, etc) in real time and by request.

Description

Vba32 Personal Antivirus is prone to a denial-of-service vulnerability caused by an unspecified memory-corruption error. Attackers can exploit this issue to cause the application to crash, denying service to legitimate users. This may aid attackers in launching further attacks while the security application is not running.

Proof of Concept

vba32_poc.rarRAR

Disclosure Timeline

07.10.2008Vendor has knowledge about the issue.

Credits

Vulnerability discovered by Gjoko Krstic

References

[1]http://packetstormsecurity.org/filedesc/vba32-poc-tgz.html

[2]http://www.sebug.net/exploit/4800

[3]http://www.securityfocus.com/bid/31560

[4]http://www.milw0rm.com/exploits/6658

[5]http://osvdb.org/show/osvdb/50829

[6]http://xforce.iss.net/xforce/xfdb/47573

[7]http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5667

Changelog

03.10.2008Initial release

07.10.2008Added Vendor Status

27.09.2012Added reference [5], [6] and [7]