Title: VBA32 Personal Antivirus 3.12.8.x (malformed archive) DoS Exploit
Advisory ID: ZSL-2008-4899
Type: Local
Impact: DoS
Risk: (4/5)
Release Date: 03.10.2008

Summary

Antivirus program for personal computers running Windows which is a reliable and, it is crucial, quick tool to detect and neutralize computer viruses, mail worms, trojan programs and other malware (backdoors, adware, spyware, etc) in real time and by request.

Description

Vba32 Personal Antivirus is prone to a denial-of-service vulnerability caused by an unspecified memory-corruption error. Attackers can exploit this issue to cause the application to crash, denying service to legitimate users. This may aid attackers in launching further attacks while the security application is not running.

Vendor

VirusBlokAda Ltd - http://www.anti-virus.by

Affected Version

3.12.8.x

Tested On

Microsoft Windows XP Professional SP2 (English)

Vendor Status

[07.10.2008] Vendor has knowledge about the issue.

PoC

vba32_poc.rar

Credits

Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>

References

[1] http://packetstormsecurity.org/filedesc/vba32-poc-tgz.html
[2] http://www.sebug.net/exploit/4800
[3] http://www.securityfocus.com/bid/31560
[4] http://www.milw0rm.com/exploits/6658
[5] http://osvdb.org/show/osvdb/50829
[6] http://xforce.iss.net/xforce/xfdb/47573
[7] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5667

Changelog

[03.10.2008] - Initial release
[07.10.2008] - Added Vendor Status
[27.09.2012] - Added reference [5], [6] and [7]

Contact

Zero Science Lab

Web: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk