McAfee anti-virus range hit by library flaw

McAfee is the latest anti-virus vendor to have a potentially serious security flaw affecting a wide range of its anti-virus products.

The vulnerability was discovered by researchers at ISS in the McAfee AntiVirus Library prior to version 4400. The library is used in many of McAfee's desktop, server and gateway products.

The problem lies in when a malformed file in the compressed LHA format is processed by the AntiVirus Library. This triggers a stack overflow allowing an attacker to execute code arbitrary across platforms in a reliable manner.

ISS warned that successful exploitation of this vulnerability could be used to gain unauthorized access to networks and machines using this library.

"Compromise of AntiVirus protected networks and machines may lead to exposure of confidential information, loss of productivity, and further network compromise," said ISS on its website.

Machines affected by the vulnerability will require patching but as anti-virus signatures get updated this should happen automatically. The flaw also affect several vendors and ISPs that used McAfee's AntiVirus Library in their services or products.

The news comes after flaws were discovered in Trend Micro's range of anti-virus products (as reported in SC Magazine here). The flaw also affected compressed file processing in its library engine.

Earlier this month SC Magazine reported vulnerabilities affecting CA's Licensing software, opening up vast swathes of the CA product catalogue to potential attack.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.