Flawed antivirus products

A load of new issues have been published, related to AV products (during the current month). Apparently fuzzing is becoming quite a bit popular nowadays, as mostly every issue is related to a file format parsing flaw:

• F-Prot Antivirus for Unix: heap overflow and Denial of Service
• [ GLSA 200612-12 ] F-PROT Antivirus: Multiple vulnerabilities
• iDefense Security Advisory 12.08.06: Sophos Antivirus CHM File Heap Overflow Vulnerability
• iDefense Security Advisory 12.08.06: Sophos Antivirus CHM Chunk Name Length Memory Corruption Vulnerability
• iDefense Security Advisory 12.08.06: Multiple Vendor Antivirus RAR File Denial of Service Vulnerability
• n.runs - NOD32 Antivirus CAB parsing Arbitrary Code Execution Advisory
• n.runs - NOD32 Antivirus DOC parsing Arbitrary Code Execution Advisory
• n.runs - BitDefender AV Packed PE File Parsing Engine Heap Overflow

Definitely AV engines are a hot target for fuzzing. They are supposed to handle many different archive and executable formats and that's a great source of security issues (most commonly, integer overflows, heap-based buffer overflows and even some good old stack smashing fun).

Windows 2000 SP4 WehnTrust Home User

Just a quick note about WehnTrust Home User 1.0.0.9 results from a Vista-Probe 0.2 test run in a Windows 2000 Professional SP4 installation. skape has done a nice job with the ASLR stuff, it beats Vista so far (15 bits to 8bits for heap in RC1). Hope to test the SEH overwrite protection and the other goodies from commercial version soon.