n.runs AG=09=09=09=09=09 =20 http://www.nruns.com/=09=09=09 security(at)nruns.com n.runs-SA-2007.019 20-Jul-2007 ________________________________________________________________________ Vendor:=09 Panda Software, http://www.pandasoftware.com Affected Products:=09Panda Antivirus Vulnerability: Arbitrary Code Execution (remote)=20 Risk:=09=09=09HIGH ________________________________________________________________________ Vendor communication: 2007/05/07=09=09Initial notification to Panda Software=20 2007/05/08=09=09Panda Software Response and pgp keys exchange 2007/05/09=09=09PoC files sent to Panda Software 2007/05/10=09=09Panda Software has some problems to reproduce it 2007/05/10=09=09Assess to Panda Software to reproduce the bug 2007/05/24=09=09Panda Software works on the vulnerability 2007/05/25=09=09Panda Software first beta fix 2007/06/01=09=09Ping to Panda Software for update on fix status 2007/06/03=09=09Panda Software fix in QA 2007/07/05=09=09Ping to Panda Software for status update 2007/07/05=09=09Panda Software fix still in QA 2007/07/13=09=09Panda Software notify tentative release date 2007/07/20=09=09Panda Software made available the updates ________________________________________________________________________ Overview: =20 Founded in 1990 in Bilbao, Spain, Panda Software is privately owned and has= been self-financed from the start. With a strong focus on innovation and r= esearch, it became a market leader in Spain in 1995 and started its interna= tional expansion in 1996. In 2007, Investindustrial and Gala Capital entere= d Panda Software=E2=80=99s share capital as part of a strategy to undertake= an aggressive expansion plan and globally launch new IT security solution. Today the company maintains its international headquarters in Bilbao and Ma= drid, and counts on a network of 3 subsidiaries (USA, Spain, France), a joi= nt-venture in China and 56 exclusive franchises in as many countries around= the world. The company sells its products and services to consumers and bu= sinesses in over 200 countries around the world. Panda Software is a leading developer and provider of integrated security s= olutions to combat viruses, hackers, Trojans, spyware, phishing, spam and o= ther Internet threats. Panda Software's centrally managed security solutions protect servers, gate= ways and endpoints, ensuring an effective and simple-to-use line of defense= against Internet threats for enterprises, small and medium-sized businesse= s and home users. Description: A remotely exploitable vulnerability has been found in the file parsing eng= ine. In detail, the following flaw was determined: - Buffer Overflow through Integer Cast Around in .EXE file parsing Impact: This problem can lead to remote arbitrary code execution if an attacker car= efully crafts a file that exploits the aforementioned vulnerability. The vu= lnerability is present in Panda Antivirus software versions prior to the la= st update of 20.Jul.2007. Solution: The vulnerability was reported on May 07 and an update has been issued on J= uly 20 to solve this vulnerability through the regular update mechanism. ________________________________________________________________________ Credit:=20 Bugs found by Sergio Alvarez of n.runs AG.=20 ________________________________________________________________________ References:=20 Vendor Acknowledgement: =09"Panda Software would like to thank Sergio =E2=80=98shadown=E2=80=99 Alv= arez=20 =09of nruns.com for reporting this issue and working responsibly=20 =09with us to release a fix in order to protect users." This Advisory and Upcoming Advisories: http://www.nruns.com/security_advisory.php http://www.nruns.com/parsing-engines-advisories.php ________________________________________________________________________ Unaltered electronic reproduction of this advisory is permitted. For all ot= her reproduction or publication, in printing or otherwise, contact security= @nruns.com for permission. Use of the advisory constitutes acceptance for u= se in an "as is" condition. All warranties are excluded. In no event shall = n.runs be liable for any damages whatsoever including direct, indirect, inc= idental, consequential, loss of business profits or special damages, even i= f n.runs has been advised of the possibility of such damages.=20 Copyright 2007 n.runs AG. All rights reserved. Terms of apply.