❒ Summary
The V3 engine has a weakness: when it processes a specially
crafted ZIP file, it writes a null byte to a memory location that does not
exist. Attackers may exploit this weakness to cause a denial of service
on the systems of users running V3.
❒ Type of attack
Denial of service
❒ Affected systems
- AhnLab V3 Pro 2004
- AhnLab V3 Internet Security 2007
❒ Impact
Attackers may exploit this weakness to cause
a denial of service on the affected systems.
❒ Description
The V3 engine has a weakness: when it processes a specially
crafted ZIP file, it writes a null byte to a memory location that does not
exist. Attackers may send a crafted ZIP file to users remotely, which can
cause a denial of service on their systems.
When real-time scanning is running, a [Blue Screen Of Death] appears;
when the scan is run manually, the error appears in v3medic.exe.
The V3 engine copies each file name from the ZIP file header into memory
and then appends a null byte at the end. However, if the FileNameLength (0x1a)
value in the ZIP file header is manipulated to be abnormally large, the engine
writes the null byte to a memory location that does not exist.
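    mov edx, [ebp+var_C]       ; edx = pointer to the ZIP file header
    xor eax, eax
    mov ax, [edx+1Ah]          ; eax = 16-bit FileNameLength read from offset 0x1a
    mov ecx, [ebp+var_14]      ; ecx = buffer holding the copied file name
    mov byte ptr [ecx+eax], 0  ; null byte written at buffer + length, no check on the length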
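The check that the instructions above lack, shown as an added example in C; this is not AhnLab's code. The function, constant and status names are hypothetical, and the sample header is constructed for the demonstration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define LFH_FIXED    30u    /* fixed part of a ZIP local file header */
#define LFH_NAME_LEN 0x1au  /* offset of the 16-bit file name length */

enum name_status { NAME_OK, NAME_BAD_HEADER, NAME_TRUNCATED, NAME_TOO_LONG };

/* Copy the file name from the local file header at buf into out (out_cap
 * bytes) and null-terminate it, but only after checking the length field. */
enum name_status zip_copy_name(const uint8_t *buf, size_t buf_len,
                               char *out, size_t out_cap)
{
    if (buf_len < LFH_FIXED || memcmp(buf, "PK\x03\x04", 4) != 0)
        return NAME_BAD_HEADER;
    /* Little-endian 16-bit read; this value comes straight from the file. */
    size_t name_len = (size_t)buf[LFH_NAME_LEN] | ((size_t)buf[LFH_NAME_LEN + 1] << 8);
    if (name_len > buf_len - LFH_FIXED)         /* name must lie inside the input */
        return NAME_TRUNCATED;
    if (out_cap == 0 || name_len > out_cap - 1) /* and fit with its terminator */
        return NAME_TOO_LONG;
    memcpy(out, buf + LFH_FIXED, name_len);
    out[name_len] = '\0';                       /* index is now proven in bounds */
    return NAME_OK;
}

char sample_out[16]; /* destination used by the constructed samples below */

/* Constructed sample: a header followed by the 8-byte name "test.txt", with
 * the length field set to declared_len. Returns what the parser decides. */
enum name_status check_sample(uint16_t declared_len, size_t out_cap)
{
    uint8_t hdr[LFH_FIXED + 8] = { 'P', 'K', 3, 4 };
    memcpy(hdr + LFH_FIXED, "test.txt", 8);
    hdr[LFH_NAME_LEN] = (uint8_t)(declared_len & 0xff);
    hdr[LFH_NAME_LEN + 1] = (uint8_t)(declared_len >> 8);
    return zip_copy_name(hdr, sizeof hdr, sample_out, out_cap);
}

int main(void)
{
    printf("declared 8        -> %d\n", (int)check_sample(8, sizeof sample_out));
    printf("declared 0xffff   -> %d\n", (int)check_sample(0xffff, sizeof sample_out));
    printf("declared 8, cap 8 -> %d\n", (int)check_sample(8, 8));
    return 0;
}
```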
❒ Solution
This weakness can be removed by updating
the engine to a version newer than V3 Engine 2007.11.08.00 or by applying
the most recent version of the engine provided by AhnLab.
The easiest way to get the most recent version of the engine is the Smart Update
Utility, and you may refer to the following address for
instructions.
We recommend that our customers update to the latest version
of the V3 Engine by using Smart Update.