An Antivirus program is designed to detect, kill and prevent the intrusion of viruses and other malwares into a computer system. However there may exist some development flaws which might make the Antivirus application vulnerable to exploits and they instead of protecting might become the areas through which malwares enter your system. It is important to always update the antivirus with the latest signature definition and also to update them with the patches released by the vendor company. Below is a list of updates or patches for sme of the well known Antivirus applications.
Nod32 AV vulnerability - update available - http://secunia.com/advisories/25375/
Release Date: 2007-05-23
Critical: Moderately critical
Impact: Privilege escalation, System access
Where: From remote
Solution Status: Vendor Patch
Software: Nod32 for Windows NT/2000/XP/2003 2.x
Successful exploitation may allow execution of arbitrary code. The vulnerabilities are reported in versions prior to 2.70.37.
Solution: Update to version 2.70.39.
http://www.eset.com/download/registered_software.php
Nod32 Antivirus - Multiple File Processing Vulnerabilities
Severity: High Severity
Published: July 23, 2007
Eset Nod32 antivirus is vulnerable to file processing vulnerabilities that could be abused by a remote attacker to compromise a system. The AV software has problems processing CAB, ASPack, and FSG packed files. Malformed files could be sent to a victim to be processed by NOD32 and then run arbitrary code on the server. Eset has issued updated software to address this issue.
Analysis: This is another AV vulnerability in handling files. We do not expect it to be the last one, in this package or any other AV package.
Source:
http://secunia.com/advisories/26124/
Avast AV vulnerability - update available - http://secunia.com/advisories/25380/
Release Date: 2007-05-24
Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch
Successful exploitation may allow execution of arbitrary code. The vulnerability reportedly affects versions prior to 4.7.766 for servers and 4.7.700 for the Managed Client product.
Solution: Update to the latest versions.
http://www.avast.com/eng/download.html
Original Advisory: avast!:
http://www.avast.com/eng/adnm-management-client-revision-history.html
http://www.avast.com/eng/avast-4-server-revision-history.html
Avira AV vulnerability - update available -
http://secunia.com/advisories/25417/
Release Date: 2007-05-29
Critical: Highly critical
Impact: DoS, System access
Where: From remote
Solution Status: Vendor Patch...
Solution: Update to AVPack version 7.03.00.09 and Engine version 7.04.00.24. These updates have reportedly been made available since 2007-05-23
Original Advisory: Avira:
http://forum.antivir-pe.de/thread.php?threadid=22528
Read more -->
http://maliciousbrains.blogspot.com/2008/02/multiple-av-vendor-vulnerabilities.html
Arcade
