FYI...

> http://atlas.arbor.net/briefs/index#1027704494
Panda Antivirus EXE File Parsing Buffer Overflow Vulnerability
Severity: High Severity
Published: July 23, 2007
Panda AV is vulnerable to a buffer overflow when processing Windows EXE files. The error comes in an integer cast when parsing EXE header data. A malicious attacker could send the victim a malformed EXE file to be processed by Panda AV. This would then allow the attacker to run arbitrary code on the victim's computer. Updates have been made available.
Analysis: This is a similar issue to the Eset NOD32 file processing issue and nearly a dozen such vulnerabilities recently. We believe that this trend will continue for some time.
Source: http://secunia.com/advisories/26171/

NOD32 Antivirus Multiple File Processing Vulnerabilities
Severity: High Severity
Published: July 23, 2007
Eset NOD32 antivirus is vulnerable to file processing vulnerabilities that could be abused by a remote attacker to compromise a system. The AV software has problems processing CAB, ASPack, and FSG packed files. Malformed files could be sent to a victim to be processed by NOD32 and then run arbitrary code on the server. Eset has issued updated software to address this issue.
Analysis: This is another AV vulnerability in handling files. We do not expect it to be the last one, in this package or any other AV package.
Source: http://secunia.com/advisories/26124/

.

This post has been edited by AplusWebMaster: Jul 4 2009, 08:03 AM

FYI...

F-secure - Mail relay vuln - update available
- http://www.f-secure.com/en_EMEA/support/se...fsc-2009-2.html
2009-06-16 - "...Specially crafted messages may be used to bypass mail relay restrictions.
Mitigating factors:
* The issue only affects systems where the SMTP Turbo module is used for mail distribution.
* Incorrectly relayed messages still pass through spam filtering, which decreases the vulnerability’s usefulness for spam relaying.
Affected platforms: All supported platforms
Products: F-Secure Messaging Security Gateway 5.5.x...

- http://secunia.com/advisories/35475/2/
Release Date: 2009-06-16
Critical: Moderately critical
Impact: Security Bypass
Where: From remote
Solution Status: Vendor Patch
OS: F-Secure Messaging Security Gateway P-Series, F-Secure Messaging Security Gateway X-Series...
Solution: The vendor has fixed the vulnerability in patch 739, delivered automatically to affected systems. Approve the installation of patch 739 for systems not configured for automatic patch installation...



This post has been edited by AplusWebMaster: Jun 16 2009, 06:25 AM